ID de Prueba:	1.3.6.1.4.1.25623.1.0.120452
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-466)
Resumen:	The remote host is missing an update for the 'jasper' package(s) announced via the ALAS-2015-466 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jasper' package(s) announced via the ALAS-2015-466 advisory. Vulnerability Insight: Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029) A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137) Affected Software/OS: 'jasper' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8137 BugTraq ID: 71742 http://www.securityfocus.com/bid/71742 Debian Security Information: DSA-3106 (Google Search) http://www.debian.org/security/2014/dsa-3106 http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html https://www.ocert.org/advisories/ocert-2014-012.html RedHat Security Advisories: RHSA-2014:2021 http://rhn.redhat.com/errata/RHSA-2014-2021.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html RedHat Security Advisories: RHSA-2015:1713 http://rhn.redhat.com/errata/RHSA-2015-1713.html http://www.securitytracker.com/id/1033459 http://secunia.com/advisories/61747 http://secunia.com/advisories/62311 http://secunia.com/advisories/62615 http://secunia.com/advisories/62619 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2015:0038 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:0039 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0042 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html http://www.ubuntu.com/usn/USN-2483-1 http://www.ubuntu.com/usn/USN-2483-2 Common Vulnerability Exposure (CVE) ID: CVE-2014-8138 BugTraq ID: 71746 http://www.securityfocus.com/bid/71746 Common Vulnerability Exposure (CVE) ID: CVE-2014-9029 BugTraq ID: 71476 http://www.securityfocus.com/bid/71476 Bugtraq: 20141204 [oCERT-2014-009] JasPer input sanitization errors (Google Search) http://www.securityfocus.com/archive/1/534153/100/0/threaded Debian Security Information: DSA-3089 (Google Search) http://www.debian.org/security/2014/dsa-3089 http://www.mandriva.com/security/advisories?name=MDVSA-2014:247 http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html http://www.ocert.org/advisories/ocert-2014-009.html http://www.openwall.com/lists/oss-security/2014/12/04/9 http://secunia.com/advisories/62828 http://www.ubuntu.com/usn/USN-2434-1 http://www.ubuntu.com/usn/USN-2434-2 XForce ISS Database: jasper-cve20149029-bo(99125) https://exchange.xforce.ibmcloud.com/vulnerabilities/99125
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.