Test ID:	1.3.6.1.4.1.25623.1.0.843570
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3693-1)
Summary:	The remote host is missing an update for the 'jasper' package(s) announced via the USN-3693-1 advisory.
Description:	Summary: The remote host is missing an update for the 'jasper' package(s) announced via the USN-3693-1 advisory. Vulnerability Insight: It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Affected Software/OS: 'jasper' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5203 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/ https://security.gentoo.org/glsa/201707-07 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html http://www.openwall.com/lists/oss-security/2015/08/16/2 RedHat Security Advisories: RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208 SuSE Security Announcement: openSUSE-SU-2016:2722 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:2737 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:2833 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html https://usn.ubuntu.com/3693-1/ Common Vulnerability Exposure (CVE) ID: CVE-2015-5221 http://www.openwall.com/lists/oss-security/2015/08/20/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-10248 BugTraq ID: 93797 http://www.securityfocus.com/bid/93797 https://blogs.gentoo.org/ago/2016/10/20/jasper-null-pointer-dereference-in-jpc_tsfb_synthesize-jpc_tsfb-c/ Common Vulnerability Exposure (CVE) ID: CVE-2016-10250 https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887/ Common Vulnerability Exposure (CVE) ID: CVE-2016-8883 BugTraq ID: 95865 http://www.securityfocus.com/bid/95865 http://www.openwall.com/lists/oss-security/2016/10/17/1 http://www.openwall.com/lists/oss-security/2016/10/23/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-8887 BugTraq ID: 93835 http://www.securityfocus.com/bid/93835 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c http://www.openwall.com/lists/oss-security/2016/10/23/3 http://www.openwall.com/lists/oss-security/2016/10/23/6 Common Vulnerability Exposure (CVE) ID: CVE-2016-9262 BugTraq ID: 94224 http://www.securityfocus.com/bid/94224 https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c http://www.openwall.com/lists/oss-security/2016/11/10/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-9387 BugTraq ID: 94374 http://www.securityfocus.com/bid/94374 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure http://www.openwall.com/lists/oss-security/2016/11/17/1 Common Vulnerability Exposure (CVE) ID: CVE-2016-9388 BugTraq ID: 94371 http://www.securityfocus.com/bid/94371 Common Vulnerability Exposure (CVE) ID: CVE-2016-9389 Common Vulnerability Exposure (CVE) ID: CVE-2016-9390 Common Vulnerability Exposure (CVE) ID: CVE-2016-9391 Common Vulnerability Exposure (CVE) ID: CVE-2016-9392 BugTraq ID: 94377 http://www.securityfocus.com/bid/94377 Common Vulnerability Exposure (CVE) ID: CVE-2016-9393 Common Vulnerability Exposure (CVE) ID: CVE-2016-9394 BugTraq ID: 94372 http://www.securityfocus.com/bid/94372 Common Vulnerability Exposure (CVE) ID: CVE-2016-9396 BugTraq ID: 94379 http://www.securityfocus.com/bid/94379 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ https://bugzilla.redhat.com/show_bug.cgi?id=1485272 RedHat Security Advisories: RHSA-2018:3253 https://access.redhat.com/errata/RHSA-2018:3253 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 SuSE Security Announcement: openSUSE-SU-2019:1315 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9600 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000050 BugTraq ID: 96595 http://www.securityfocus.com/bid/96595 https://security.gentoo.org/glsa/201908-03 http://www.openwall.com/lists/oss-security/2017/03/06/1 Common Vulnerability Exposure (CVE) ID: CVE-2017-6850 https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.