Home / vulnerabilitiesPDF  

Mandriva Linux Security Advisory 2015-034

Posted on 10 February 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:034
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : jasper
Date : February 6, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found
in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly,
execute arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer
decoded JPEG 2000 image files. A specially crafted file could cause
an application using JasPer to crash or, possibly, execute arbitrary
code (CVE-2014-8158).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://advisories.mageia.org/MGASA-2015-0038.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
073aa6d28b369d5b24502044a461ac9d mbs1/x86_64/jasper-1.900.1-14.3.mbs1.x86_64.rpm
763531005b8a9a40c18805d8abbb439a mbs1/x86_64/lib64jasper1-1.900.1-14.3.mbs1.x86_64.rpm
d1314e0425ebf78ed4083d57351f67f1 mbs1/x86_64/lib64jasper-devel-1.900.1-14.3.mbs1.x86_64.rpm
a1030ae32d7e3e7735749cbd3335650c mbs1/x86_64/lib64jasper-static-devel-1.900.1-14.3.mbs1.x86_64.rpm
d912dd8f4ddf008098d9d666ec7e14e7 mbs1/SRPMS/jasper-1.900.1-14.3.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU1If9mqjQ0CJFipgRAjuTAKDGFekty4m/ibVUq7TOyu6IYGQxBwCgzO+c
3eg09Q5NQ+Gz/HZOLcnANvU=
=Nfko
-----END PGP SIGNATURE-----

 

TOP