Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871813
Category:Red Hat Local Security Checks
Title:RedHat Update for jasper RHSA-2017:1208-01
Summary:The remote host is missing an update for the 'jasper'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'jasper'
package(s) announced via the referenced advisory.

Vulnerability Insight:
JasPer is an implementation of Part 1 of the
JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash
or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,
CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690,
CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash.
(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692,
CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,
CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,
CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600 Gustavo
Grieco for reporting CVE-2015-5203 and Josselin Feist for reporting
CVE-2015-5221.

Affected Software/OS:
jasper on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5203
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/
https://security.gentoo.org/glsa/201707-07
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
http://www.openwall.com/lists/oss-security/2015/08/16/2
RedHat Security Advisories: RHSA-2017:1208
https://access.redhat.com/errata/RHSA-2017:1208
SuSE Security Announcement: openSUSE-SU-2016:2722 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:2737 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:2833 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
https://usn.ubuntu.com/3693-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-5221
http://www.openwall.com/lists/oss-security/2015/08/20/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-1577
BugTraq ID: 84133
http://www.securityfocus.com/bid/84133
Debian Security Information: DSA-3508 (Google Search)
http://www.debian.org/security/2016/dsa-3508
http://www.openwall.com/lists/oss-security/2016/03/03/12
http://www.ubuntu.com/usn/USN-2919-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1867
BugTraq ID: 81488
http://www.securityfocus.com/bid/81488
Debian Security Information: DSA-3785 (Google Search)
http://www.debian.org/security/2017/dsa-3785
http://www.openwall.com/lists/oss-security/2016/01/13/2
http://www.openwall.com/lists/oss-security/2016/01/13/6
Common Vulnerability Exposure (CVE) ID: CVE-2016-2089
BugTraq ID: 83108
http://www.securityfocus.com/bid/83108
http://www.openwall.com/lists/oss-security/2016/01/28/6
http://www.openwall.com/lists/oss-security/2016/01/28/4
SuSE Security Announcement: openSUSE-SU-2016:0408 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html
SuSE Security Announcement: openSUSE-SU-2016:0413 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2116
Common Vulnerability Exposure (CVE) ID: CVE-2016-8654
BugTraq ID: 94583
http://www.securityfocus.com/bid/94583
https://www.debian.org/security/2017/dsa-3785
Common Vulnerability Exposure (CVE) ID: CVE-2016-8690
BugTraq ID: 93590
http://www.securityfocus.com/bid/93590
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
http://www.openwall.com/lists/oss-security/2016/08/23/6
http://www.openwall.com/lists/oss-security/2016/10/16/14
Common Vulnerability Exposure (CVE) ID: CVE-2016-8691
BugTraq ID: 93593
http://www.securityfocus.com/bid/93593
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8692
BugTraq ID: 93588
http://www.securityfocus.com/bid/93588
Common Vulnerability Exposure (CVE) ID: CVE-2016-8693
BugTraq ID: 93587
http://www.securityfocus.com/bid/93587
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8883
BugTraq ID: 95865
http://www.securityfocus.com/bid/95865
http://www.openwall.com/lists/oss-security/2016/10/17/1
http://www.openwall.com/lists/oss-security/2016/10/23/8
Common Vulnerability Exposure (CVE) ID: CVE-2016-8884
BugTraq ID: 93834
http://www.securityfocus.com/bid/93834
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/
http://www.openwall.com/lists/oss-security/2016/10/23/1
http://www.openwall.com/lists/oss-security/2016/10/23/9
Common Vulnerability Exposure (CVE) ID: CVE-2016-8885
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
http://www.openwall.com/lists/oss-security/2016/10/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9262
BugTraq ID: 94224
http://www.securityfocus.com/bid/94224
https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
http://www.openwall.com/lists/oss-security/2016/11/10/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-9387
BugTraq ID: 94374
http://www.securityfocus.com/bid/94374
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
http://www.openwall.com/lists/oss-security/2016/11/17/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9388
BugTraq ID: 94371
http://www.securityfocus.com/bid/94371
Common Vulnerability Exposure (CVE) ID: CVE-2016-9389
Common Vulnerability Exposure (CVE) ID: CVE-2016-9390
Common Vulnerability Exposure (CVE) ID: CVE-2016-9391
Common Vulnerability Exposure (CVE) ID: CVE-2016-9392
BugTraq ID: 94377
http://www.securityfocus.com/bid/94377
Common Vulnerability Exposure (CVE) ID: CVE-2016-9393
Common Vulnerability Exposure (CVE) ID: CVE-2016-9394
BugTraq ID: 94372
http://www.securityfocus.com/bid/94372
Common Vulnerability Exposure (CVE) ID: CVE-2016-9560
BugTraq ID: 94428
http://www.securityfocus.com/bid/94428
https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560
http://www.openwall.com/lists/oss-security/2016/11/20/1
http://www.openwall.com/lists/oss-security/2016/11/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9583
BugTraq ID: 94925
http://www.securityfocus.com/bid/94925
Common Vulnerability Exposure (CVE) ID: CVE-2016-9591
BugTraq ID: 94952
http://www.securityfocus.com/bid/94952
Debian Security Information: DSA-3827 (Google Search)
https://www.debian.org/security/2017/dsa-3827
Common Vulnerability Exposure (CVE) ID: CVE-2016-9600
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.