USN-3295-1: JasPer vulnerabilities

Discussion in 'Security' started by Ubuntu Security Notices, May 19, 2017.

Thread Status:
This thread is more than 60 days old.
  1. Ubuntu Security Notice USN-3295-1

    18th May, 2017

    jasper vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Several security issues were fixed in JasPer.

    Software description

    • jasper - Library for manipulating JPEG-2000 files

    It was discovered that JasPer incorrectly handled certain malformed
    JPEG-2000 image files. If a user or automated system using JasPer were
    tricked into opening a specially crafted image, an attacker could exploit
    this to cause a denial of service or possibly execute code with the
    privileges of the user invoking the program.

    Update instructions

    The problem can be corrected by updating your system to the following package version:

    Ubuntu 16.04 LTS:
    libjasper1 1.900.1-debian1-2.4ubuntu1.1
    Ubuntu 14.04 LTS:
    libjasper1 1.900.1-14ubuntu3.4

    To update your system, please follow these instructions:

    In general, a standard system update will make all the necessary changes.


    CVE-2016-10249, CVE-2016-10251, CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591

    Continue reading...
Thread Status:
This thread is more than 60 days old.

Share This Page