
Test ID: 1.3.6.1.4.1.25623.1.0.871813
Category: Red Hat Local Security Checks
Title: RedHat Update for jasper RHSA-2017:1208-01
Summary: The remote host is missing an update for the 'jasper' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
JasPer is an implementation of Part 1 of the
JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash
or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,
CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690,
CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash.
(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692,
CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,
CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,
CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo
Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting
CVE-2015-5221.

Affected Software/OS:
jasper on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-5203
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/
https://security.gentoo.org/glsa/201707-07
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
http://www.openwall.com/lists/oss-security/2015/08/16/2
RedHat Security Advisories: RHSA-2017:1208
https://access.redhat.com/errata/RHSA-2017:1208
SuSE Security Announcement: openSUSE-SU-2016:2722
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:2737
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:2833
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
https://usn.ubuntu.com/3693-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-5221
http://www.openwall.com/lists/oss-security/2015/08/20/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-10248
BugTraq ID: 93797
http://www.securityfocus.com/bid/93797
https://blogs.gentoo.org/ago/2016/10/20/jasper-null-pointer-dereference-in-jpc_tsfb_synthesize-jpc_tsfb-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-10249
BugTraq ID: 93838
http://www.securityfocus.com/bid/93838
Debian Security Information: DSA-3827
http://www.debian.org/security/2017/dsa-3827
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-10251
BugTraq ID: 97584
http://www.securityfocus.com/bid/97584
https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
https://www.oracle.com/security-alerts/cpuapr2020.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1577
BugTraq ID: 84133
http://www.securityfocus.com/bid/84133
Debian Security Information: DSA-3508
http://www.debian.org/security/2016/dsa-3508
http://www.openwall.com/lists/oss-security/2016/03/03/12
http://www.ubuntu.com/usn/USN-2919-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1867
BugTraq ID: 81488
http://www.securityfocus.com/bid/81488
Debian Security Information: DSA-3785
http://www.debian.org/security/2017/dsa-3785
http://www.openwall.com/lists/oss-security/2016/01/13/2
http://www.openwall.com/lists/oss-security/2016/01/13/6
Common Vulnerability Exposure (CVE) ID: CVE-2016-2089
BugTraq ID: 83108
http://www.securityfocus.com/bid/83108
http://www.openwall.com/lists/oss-security/2016/01/28/6
http://www.openwall.com/lists/oss-security/2016/01/28/4
SuSE Security Announcement: openSUSE-SU-2016:0408
http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html
SuSE Security Announcement: openSUSE-SU-2016:0413
http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2116
Common Vulnerability Exposure (CVE) ID: CVE-2016-8654
BugTraq ID: 94583
http://www.securityfocus.com/bid/94583
https://www.debian.org/security/2017/dsa-3785
Common Vulnerability Exposure (CVE) ID: CVE-2016-8690
BugTraq ID: 93590
http://www.securityfocus.com/bid/93590
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
http://www.openwall.com/lists/oss-security/2016/08/23/6
http://www.openwall.com/lists/oss-security/2016/10/16/14
Common Vulnerability Exposure (CVE) ID: CVE-2016-8691
BugTraq ID: 93593
http://www.securityfocus.com/bid/93593
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8692
BugTraq ID: 93588
http://www.securityfocus.com/bid/93588
Common Vulnerability Exposure (CVE) ID: CVE-2016-8693
BugTraq ID: 93587
http://www.securityfocus.com/bid/93587
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8883
BugTraq ID: 95865
http://www.securityfocus.com/bid/95865
http://www.openwall.com/lists/oss-security/2016/10/17/1
http://www.openwall.com/lists/oss-security/2016/10/23/8
Common Vulnerability Exposure (CVE) ID: CVE-2016-8884
BugTraq ID: 93834
http://www.securityfocus.com/bid/93834
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/
http://www.openwall.com/lists/oss-security/2016/10/23/1
http://www.openwall.com/lists/oss-security/2016/10/23/9
Common Vulnerability Exposure (CVE) ID: CVE-2016-8885
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
http://www.openwall.com/lists/oss-security/2016/10/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9262
BugTraq ID: 94224
http://www.securityfocus.com/bid/94224
https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
http://www.openwall.com/lists/oss-security/2016/11/10/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-9387
BugTraq ID: 94374
http://www.securityfocus.com/bid/94374
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
http://www.openwall.com/lists/oss-security/2016/11/17/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9388
BugTraq ID: 94371
http://www.securityfocus.com/bid/94371
Common Vulnerability Exposure (CVE) ID: CVE-2016-9389
Common Vulnerability Exposure (CVE) ID: CVE-2016-9390
Common Vulnerability Exposure (CVE) ID: CVE-2016-9391
Common Vulnerability Exposure (CVE) ID: CVE-2016-9392
BugTraq ID: 94377
http://www.securityfocus.com/bid/94377
Common Vulnerability Exposure (CVE) ID: CVE-2016-9393
Common Vulnerability Exposure (CVE) ID: CVE-2016-9394
BugTraq ID: 94372
http://www.securityfocus.com/bid/94372
Common Vulnerability Exposure (CVE) ID: CVE-2016-9560
BugTraq ID: 94428
http://www.securityfocus.com/bid/94428
https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560
http://www.openwall.com/lists/oss-security/2016/11/20/1
http://www.openwall.com/lists/oss-security/2016/11/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9583
BugTraq ID: 94925
http://www.securityfocus.com/bid/94925
Common Vulnerability Exposure (CVE) ID: CVE-2016-9591
BugTraq ID: 94952
http://www.securityfocus.com/bid/94952
https://www.debian.org/security/2017/dsa-3827
Common Vulnerability Exposure (CVE) ID: CVE-2016-9600
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.