Oval Definition:oval:com.redhat.rhsa:def:20111807
Revision Date:2011-12-09Version:636
Title:RHSA-2011:1807: jasper security update (Important)
Description:JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

  • Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517)

    Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting these issues.

    Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. All applications using the JasPer libraries (such as Nautilus) must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-4516
    CVE-2011-4517
    CVE-2016-8880
    CVE-2016-8881
    RHSA-2011:1807
    RHSA-2011:1807-01
    RHSA-2011:1807-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • jasper is earlier than 0:1.900.1-15.el6_1.1
  • AND jasper is signed with Red Hat redhatrelease2 key
  • jasper-devel is earlier than 0:1.900.1-15.el6_1.1
  • AND jasper-devel is signed with Red Hat redhatrelease2 key
  • jasper-libs is earlier than 0:1.900.1-15.el6_1.1
  • AND jasper-libs is signed with Red Hat redhatrelease2 key
  • jasper-utils is earlier than 0:1.900.1-15.el6_1.1
  • AND jasper-utils is signed with Red Hat redhatrelease2 key
    • BACK