Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0539)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0539

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0539)

Resumen: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2014-0539 advisory.

Descripción: Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2014-0539 advisory.

Vulnerability Insight:
Updated jasper packages fix security vulnerabilities:

A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137).

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138).

Affected Software/OS:
'jasper' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8137
BugTraq ID: 71742
http://www.securityfocus.com/bid/71742
Debian Security Information: DSA-3106 (Google Search)
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
https://www.ocert.org/advisories/ocert-2014-012.html
RedHat Security Advisories: RHSA-2014:2021
http://rhn.redhat.com/errata/RHSA-2014-2021.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
RedHat Security Advisories: RHSA-2015:1713
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://www.securitytracker.com/id/1033459
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
SuSE Security Announcement: openSUSE-SU-2015:0038 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:0039 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:0042 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
Common Vulnerability Exposure (CVE) ID: CVE-2014-8138
BugTraq ID: 71746
http://www.securityfocus.com/bid/71746

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0539
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0539)
Resumen:	The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2014-0539 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2014-0539 advisory. Vulnerability Insight: Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137). A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138). Affected Software/OS: 'jasper' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8137 BugTraq ID: 71742 http://www.securityfocus.com/bid/71742 Debian Security Information: DSA-3106 (Google Search) http://www.debian.org/security/2014/dsa-3106 http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html https://www.ocert.org/advisories/ocert-2014-012.html RedHat Security Advisories: RHSA-2014:2021 http://rhn.redhat.com/errata/RHSA-2014-2021.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html RedHat Security Advisories: RHSA-2015:1713 http://rhn.redhat.com/errata/RHSA-2015-1713.html http://www.securitytracker.com/id/1033459 http://secunia.com/advisories/61747 http://secunia.com/advisories/62311 http://secunia.com/advisories/62615 http://secunia.com/advisories/62619 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2015:0038 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:0039 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0042 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html http://www.ubuntu.com/usn/USN-2483-1 http://www.ubuntu.com/usn/USN-2483-2 Common Vulnerability Exposure (CVE) ID: CVE-2014-8138 BugTraq ID: 71746 http://www.securityfocus.com/bid/71746
Copyright	Copyright (C) 2022 Greenbone AG