Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2015-302-02
HistoryOct 29, 2015 - 10:48 p.m.

[slackware-security] jasper

2015-10-2922:48:48
Slackware Linux Project
www.slackware.com
23

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.457 Medium

EPSS

Percentile

97.4%

JSON

New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/jasper-1.900.1-i486-4_slack14.1.txz: Rebuilt.
Applied many security and bug fixes.
Thanks to Heinz Wiesinger.
For more information, see:
https://vulners.com/cve/CVE-2008-3520
https://vulners.com/cve/CVE-2008-3522
https://vulners.com/cve/CVE-2011-4516
https://vulners.com/cve/CVE-2011-4517
https://vulners.com/cve/CVE-2014-8137
https://vulners.com/cve/CVE-2014-8138
https://vulners.com/cve/CVE-2014-8157
https://vulners.com/cve/CVE-2014-8158
https://vulners.com/cve/CVE-2014-9029
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/jasper-1.900.1-i486-3_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/jasper-1.900.1-x86_64-3_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/jasper-1.900.1-i486-4_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/jasper-1.900.1-x86_64-4_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/jasper-1.900.1-i486-4_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/jasper-1.900.1-x86_64-4_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/jasper-1.900.1-i486-4_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/jasper-1.900.1-x86_64-4_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/jasper-1.900.1-i486-4_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/jasper-1.900.1-x86_64-4_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/jasper-1.900.1-i586-5.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/jasper-1.900.1-x86_64-5.txz

MD5 signatures:

Slackware 13.0 package:
5156625217cd39753e427d30a8e994d2 jasper-1.900.1-i486-3_slack13.0.txz

Slackware x86_64 13.0 package:
6d7e1fe5d90acf882a799c7a4f07a447 jasper-1.900.1-x86_64-3_slack13.0.txz

Slackware 13.1 package:
4af3cca993d4b50be8cc59a9599bfc3e jasper-1.900.1-i486-4_slack13.1.txz

Slackware x86_64 13.1 package:
3c2da5e24db15cb4ac0436bb9c99ce31 jasper-1.900.1-x86_64-4_slack13.1.txz

Slackware 13.37 package:
e28b5780bb6bc2268d6d0aa3e934857c jasper-1.900.1-i486-4_slack13.37.txz

Slackware x86_64 13.37 package:
3ed6279730f6166b9caeaa0057e70afe jasper-1.900.1-x86_64-4_slack13.37.txz

Slackware 14.0 package:
379669370567a56e10524cd8a617b9d5 jasper-1.900.1-i486-4_slack14.0.txz

Slackware x86_64 14.0 package:
709a08d0f7c1cc2ff137413535b8733b jasper-1.900.1-x86_64-4_slack14.0.txz

Slackware 14.1 package:
0eb7e527854fbf3b2c72632015466069 jasper-1.900.1-i486-4_slack14.1.txz

Slackware x86_64 14.1 package:
75303d94123548515bc2913d83ec52cc jasper-1.900.1-x86_64-4_slack14.1.txz

Slackware -current package:
f1a1b8c0d3efe48c47665b1d88bcf8e9 l/jasper-1.900.1-i586-5.txz

Slackware x86_64 -current package:
31b75bd030af924b1a23e8763b9570e9 l/jasper-1.900.1-x86_64-5.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg jasper-1.900.1-i486-4_slack14.1.txz

Related

openvas 64
nessus 69
redhat 5
fedora 17
gentoo 3
securityvulns 5
archlinux 2
ubuntu 4
freebsd 2
veracode 3
oraclelinux 3
centos 3
amazon 2
debian 7
suse 3
osv 4
cert 1
mageia 2
openvas
openvas
Slackware: Security Advisory (SSA:2015-302-02)
2022-04-21 00:00:00
Gentoo Security Advisory GLSA 201503-01
2015-09-29 00:00:00
Fedora Update for jasper FEDORA-2015-1062
2015-02-10 00:00:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)
2015-10-30 00:00:00
RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)
2015-03-20 00:00:00
GLSA-201503-01 : JasPer: Multiple Vulnerabilities
2015-03-09 00:00:00
redhat
redhat
(RHSA-2015:0698) Important: rhevm-spice-client security, bug fix, and enhancement update
2015-03-18 00:00:00
(RHSA-2014:2021) Important: jasper security update
2014-12-18 00:00:00
(RHSA-2015:0074) Important: jasper security update
2015-01-22 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: jasper-1.900.1-30.fc21
2015-02-09 05:28:37
[SECURITY] Fedora 20 Update: jasper-1.900.1-28.fc20
2015-02-09 05:32:40
[SECURITY] Fedora 20 Update: mingw-jasper-1.900.1-26.fc20
2015-02-02 17:21:42
gentoo
gentoo
JasPer: Multiple Vulnerabilities
2015-03-06 00:00:00
JasPer: User-assisted execution of arbitrary code
2012-01-23 00:00:00
JasPer: User-assisted execution of arbitrary code
2008-12-16 00:00:00
securityvulns
securityvulns
jasper library multiple security vulnerabilities
2015-01-25 00:00:00
JasPer library security vulnerabilities
2011-12-19 00:00:00
[oCERT-2015-001] JasPer input sanitization errors
2015-01-25 00:00:00
archlinux
archlinux
jasper: arbitrary code execution
2014-12-19 00:00:00
jasper: arbitrary code execution
2015-01-27 00:00:00
ubuntu
ubuntu
JasPer vulnerabilities
2015-01-26 00:00:00
Ghostscript vulnerabilities
2015-01-26 00:00:00
Ghostscript vulnerabilities
2012-01-04 00:00:00
freebsd
freebsd
jasper -- buffer overflow
2011-12-09 00:00:00
jasper -- multiple vulnerabilities
2014-12-10 00:00:00
veracode
veracode
Heap-Based Buffer Overflow
2019-05-02 05:06:17
Memory Corruption
2019-05-02 04:40:58
Denial Of Service (DoS) Or Remote Code Execution (RCE)
2019-05-02 04:40:58
oraclelinux
oraclelinux
jasper security update
2014-12-18 00:00:00
jasper security update
2015-01-22 00:00:00
jasper security update
2011-12-14 00:00:00
centos
centos
jasper security update
2014-12-18 22:11:55
jasper security update
2011-12-22 15:46:17
jasper security update
2015-01-22 22:28:13
amazon
amazon
Important: jasper
2015-01-08 11:36:00
Important: jasper
2015-02-11 19:37:00
debian
debian
[SECURITY] [DSA 3138-1] jasper security update
2015-01-25 10:00:52
[SECURITY] [DSA 3106-1] jasper security update
2014-12-20 13:45:18
[SECURITY] [DLA 138-1] jasper security update
2015-01-28 19:03:39
suse
suse
Security update for jasper (important)
2011-12-14 19:08:30
Security update for jasper (important)
2011-12-12 02:08:33
jasper (important)
2011-12-16 13:08:23
osv
osv
jasper - security update
2015-01-25 00:00:00
jasper - security update
2015-01-28 00:00:00
jasper - security update
2014-12-20 00:00:00
cert
cert
JasPer memory corruption vulnerabilities
2011-12-08 00:00:00
mageia
mageia
Updated jasper packages fix security vulnerabilities
2015-01-24 17:32:04
Updated jasper packages fix security vulnerabilities
2014-12-19 18:06:35

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.457 Medium

EPSS

Percentile

97.4%

JSON
Related for SSA-2015-302-02
openvas64nessus69redhat5fedora17gentoo3securityvulns5archlinux2ubuntu4freebsd2veracode3oraclelinux3centos3amazon2debian7suse3osv4cert1mageia2