(RHSA-2014:2021) Important: jasper security update

2014-12-1800:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.369 Low

EPSS

Percentile

96.6%

JSON

JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.

All JasPer users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications using
the JasPer libraries must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6s390xjasper-devel< 1.900.1-16.el6_6.2jasper-devel-1.900.1-16.el6_6.2.s390x.rpm
RedHat6s390xjasper< 1.900.1-16.el6_6.2jasper-1.900.1-16.el6_6.2.s390x.rpm
RedHat6i686jasper-libs< 1.900.1-16.el6_6.2jasper-libs-1.900.1-16.el6_6.2.i686.rpm
RedHat6s390xjasper-utils< 1.900.1-16.el6_6.2jasper-utils-1.900.1-16.el6_6.2.s390x.rpm
RedHat7s390jasper-devel< 1.900.1-26.el7_0.2jasper-devel-1.900.1-26.el7_0.2.s390.rpm
RedHat6x86_64jasper-debuginfo< 1.900.1-16.el6_6.2jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
RedHat7s390xjasper< 1.900.1-26.el7_0.2jasper-1.900.1-26.el7_0.2.s390x.rpm
RedHat7s390xjasper-libs< 1.900.1-26.el7_0.2jasper-libs-1.900.1-26.el7_0.2.s390x.rpm
RedHat6ppcjasper-devel< 1.900.1-16.el6_6.2jasper-devel-1.900.1-16.el6_6.2.ppc.rpm
RedHat6i686jasper< 1.900.1-16.el6_6.2jasper-1.900.1-16.el6_6.2.i686.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	s390x	jasper-devel	< 1.900.1-16.el6_6.2	jasper-devel-1.900.1-16.el6_6.2.s390x.rpm
RedHat	6	s390x	jasper	< 1.900.1-16.el6_6.2	jasper-1.900.1-16.el6_6.2.s390x.rpm
RedHat	6	i686	jasper-libs	< 1.900.1-16.el6_6.2	jasper-libs-1.900.1-16.el6_6.2.i686.rpm
RedHat	6	s390x	jasper-utils	< 1.900.1-16.el6_6.2	jasper-utils-1.900.1-16.el6_6.2.s390x.rpm
RedHat	7	s390	jasper-devel	< 1.900.1-26.el7_0.2	jasper-devel-1.900.1-26.el7_0.2.s390.rpm
RedHat	6	x86_64	jasper-debuginfo	< 1.900.1-16.el6_6.2	jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
RedHat	7	s390x	jasper	< 1.900.1-26.el7_0.2	jasper-1.900.1-26.el7_0.2.s390x.rpm
RedHat	7	s390x	jasper-libs	< 1.900.1-26.el7_0.2	jasper-libs-1.900.1-26.el7_0.2.s390x.rpm
RedHat	6	ppc	jasper-devel	< 1.900.1-16.el6_6.2	jasper-devel-1.900.1-16.el6_6.2.ppc.rpm
RedHat	6	i686	jasper	< 1.900.1-16.el6_6.2	jasper-1.900.1-16.el6_6.2.i686.rpm