OVMSA-2017-0102

OVMSA-2017-0102 - jasper security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-05-09

Description


[1.900.1-21]
- Bump release

[1.900.1-20]
- Multiple security fixes (fixed by thoger):
CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089
CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692
CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-9262
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391
CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 CVE-2016-9583
CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 CVE-2016-10251
- Fix implicit declaration warning caused by security fixes above

[1.900.1-19]
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183672)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680)

[1.900.1-18]
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173567)

[1.900.1-17]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
marker segment decoders (#1171209)


Related CVEs


CVE-2016-10248
CVE-2016-10251
CVE-2016-2089
CVE-2016-2116
CVE-2016-8691
CVE-2016-8885
CVE-2016-9388
CVE-2016-9389
CVE-2016-9390
CVE-2016-9391
CVE-2016-9560
CVE-2016-9583
CVE-2016-9591
CVE-2016-9600
CVE-2015-5203
CVE-2015-5221
CVE-2016-10249
CVE-2016-1577
CVE-2016-1867
CVE-2016-8654
CVE-2016-8690
CVE-2016-8692
CVE-2016-8693
CVE-2016-8883
CVE-2016-8884
CVE-2016-9262
CVE-2016-9387
CVE-2016-9392
CVE-2016-9393
CVE-2016-9394

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) jasper-1.900.1-21.el6_9.src.rpmc508c6c99a9ba09783326b86977d3a27-
jasper-libs-1.900.1-21.el6_9.x86_64.rpm20917f585f1bf7026f998bc648f7cdce-
Oracle VM 3.4 (x86_64) jasper-1.900.1-21.el6_9.src.rpmc508c6c99a9ba09783326b86977d3a27-
jasper-libs-1.900.1-21.el6_9.x86_64.rpm20917f585f1bf7026f998bc648f7cdce-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete