Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0113)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0113

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0113)

Resumen: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2021-0113 advisory.

Descripción: Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2021-0113 advisory.

Vulnerability Insight:
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based
buffer over-read when there is an invalid relationship between the number of
channels and the number of image components (CVE-2021-3272).

A flaw was found in jasper. An out of bounds read issue was found in jp2_decode
function which may lead to disclosure of information or program crash
(CVE-2021-26926).

A flaw was found in jasper. A null pointer dereference in jp2_decode in
jp2_dec.c may lead to program crash and denial of service (CVE-2021-26927).

Affected Software/OS:
'jasper' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-26926
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/
https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
https://github.com/jasper-software/jasper/issues/264
Common Vulnerability Exposure (CVE) ID: CVE-2021-26927
https://github.com/jasper-software/jasper/issues/265
Common Vulnerability Exposure (CVE) ID: CVE-2021-3272
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BZFU2F6UW4L2FJE65WJLWGUIELDWCL7/
https://github.com/jasper-software/jasper/issues/259

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0113
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0113)
Resumen:	The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2021-0113 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2021-0113 advisory. Vulnerability Insight: jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash (CVE-2021-26926). A flaw was found in jasper. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service (CVE-2021-26927). Affected Software/OS: 'jasper' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-26926 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/ https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b https://github.com/jasper-software/jasper/issues/264 Common Vulnerability Exposure (CVE) ID: CVE-2021-26927 https://github.com/jasper-software/jasper/issues/265 Common Vulnerability Exposure (CVE) ID: CVE-2021-3272 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BZFU2F6UW4L2FJE65WJLWGUIELDWCL7/ https://github.com/jasper-software/jasper/issues/259
Copyright	Copyright (C) 2022 Greenbone AG