USN-3295-1: JasPer vulnerabilities

Discussion in 'Security' started by Ubuntu Security Notices, May 19, 2017.

Thread Status:
This thread is more than 60 days old.
  1. Ubuntu Security Notice USN-3295-1


    18th May, 2017

    jasper vulnerabilities


    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS
    Summary


    Several security issues were fixed in JasPer.

    Software description

    • jasper - Library for manipulating JPEG-2000 files
    Details


    It was discovered that JasPer incorrectly handled certain malformed
    JPEG-2000 image files. If a user or automated system using JasPer were
    tricked into opening a specially crafted image, an attacker could exploit
    this to cause a denial of service or possibly execute code with the
    privileges of the user invoking the program.

    Update instructions


    The problem can be corrected by updating your system to the following package version:

    Ubuntu 16.04 LTS:
    libjasper1 1.900.1-debian1-2.4ubuntu1.1
    Ubuntu 14.04 LTS:
    libjasper1 1.900.1-14ubuntu3.4

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary changes.

    References


    CVE-2016-10249, CVE-2016-10251, CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591

    Continue reading...
     
Thread Status:
This thread is more than 60 days old.

Share This Page