Synopsis: Important: jasper security update
Advisory ID: SLSA-2015:0074-1
Issue Date: 2015-01-22
CVE Numbers: CVE-2014-8157
CVE-2014-8158
—
An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8157)
An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8158)
All applications using the JasPer libraries must be restarted for the
update to take effect.
—
SL6
x86_64
jasper-1.900.1-16.el6_6.3.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm
i386
jasper-1.900.1-16.el6_6.3.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
jasper-utils-1.900.1-16.el6_6.3.i686.rpm
SL7
x86_64
jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.3.i686.rpm
jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm
jasper-1.900.1-26.el7_0.3.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.3.i686.rpm
jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm
– Scientific Linux Development Team
