Oval Definition:oval:com.redhat.rhsa:def:20171208
Revision Date:2017-05-09Version:639
Title:RHSA-2017:1208: jasper security update (Important)
Description:JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.
Family:unixClass:patch
Status:Reference(s):CVE-2015-5203
CVE-2015-5221
CVE-2016-10248
CVE-2016-10249
CVE-2016-10251
CVE-2016-1577
CVE-2016-1867
CVE-2016-2089
CVE-2016-2116
CVE-2016-8654
CVE-2016-8690
CVE-2016-8691
CVE-2016-8692
CVE-2016-8693
CVE-2016-8883
CVE-2016-8884
CVE-2016-8885
CVE-2016-9262
CVE-2016-9387
CVE-2016-9388
CVE-2016-9389
CVE-2016-9390
CVE-2016-9391
CVE-2016-9392
CVE-2016-9393
CVE-2016-9394
CVE-2016-9560
CVE-2016-9583
CVE-2016-9591
CVE-2016-9600
RHSA-2017:1208
RHSA-2017:1208-00
RHSA-2017:1208-01
Platform(s):Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • jasper is earlier than 0:1.900.1-30.el7_3
  • AND jasper is signed with Red Hat redhatrelease2 key
  • jasper-devel is earlier than 0:1.900.1-30.el7_3
  • AND jasper-devel is signed with Red Hat redhatrelease2 key
  • jasper-libs is earlier than 0:1.900.1-30.el7_3
  • AND jasper-libs is signed with Red Hat redhatrelease2 key
  • jasper-utils is earlier than 0:1.900.1-30.el7_3
  • AND jasper-utils is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • jasper is earlier than 0:1.900.1-21.el6_9
  • AND jasper is signed with Red Hat redhatrelease2 key
  • jasper-devel is earlier than 0:1.900.1-21.el6_9
  • AND jasper-devel is signed with Red Hat redhatrelease2 key
  • jasper-libs is earlier than 0:1.900.1-21.el6_9
  • AND jasper-libs is signed with Red Hat redhatrelease2 key
  • jasper-utils is earlier than 0:1.900.1-21.el6_9
  • AND jasper-utils is signed with Red Hat redhatrelease2 key
    • BACK