jasper security update

2017-05-09T00:00:00
ID ELSA-2017-1208
Type oraclelinux
Reporter OracleLinux
Modified 2017-05-09T00:00:00

Description

[1.900.1-21] - Bump release [1.900.1-20] - Multiple security fixes (fixed by thoger): CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 CVE-2016-10251 - Fix implicit declaration warning caused by security fixes above [1.900.1-19] - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183672) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680) [1.900.1-18] - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567) - CVE-2014-8138 - heap overflow in jp2_decode (#1173567) [1.900.1-17] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171209)