Test ID:	1.3.6.1.4.1.25623.1.0.63368
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0012
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0012.;;The netpbm package contains a library of functions for editing and;converting between various graphics file formats, including .pbm (portable;bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable;pixmaps), and others.;;An input validation flaw and multiple integer overflows were discovered in;the JasPer library providing support for JPEG-2000 image format and used in;the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a;carefully-crafted JPEG file which could cause jpeg2ktopam to crash or,;possibly, execute arbitrary code as the user running jpeg2ktopam.;(CVE-2007-2721, CVE-2008-3520);;All users are advised to upgrade to these updated packages which contain;backported patches which resolve these issues.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0012. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2721 BugTraq ID: 24052 http://www.securityfocus.com/bid/24052 Debian Security Information: DSA-2036 (Google Search) http://www.debian.org/security/2010/dsa-2036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:129 http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 http://www.mandriva.com/security/advisories?name=MDKSA-2007:209 http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 http://osvdb.org/36137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397 http://www.redhat.com/support/errata/RHSA-2009-0012.html http://secunia.com/advisories/25287 http://secunia.com/advisories/25703 http://secunia.com/advisories/26516 http://secunia.com/advisories/27319 http://secunia.com/advisories/27489 http://secunia.com/advisories/39505 http://www.ubuntu.com/usn/usn-501-1 http://www.ubuntu.com/usn/usn-501-2 http://www.vupen.com/english/advisories/2010/0912 Common Vulnerability Exposure (CVE) ID: CVE-2008-3520 BugTraq ID: 31470 http://www.securityfocus.com/bid/31470 http://security.gentoo.org/glsa/glsa-200812-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 http://bugs.gentoo.org/show_bug.cgi?id=222819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141 RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/33173 http://secunia.com/advisories/34391 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 http://www.ubuntu.com/usn/USN-742-1 XForce ISS Database: jasper-image-file-bo(45621) https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.