Oval Definition:oval:org.opensuse.security:def:57375
Revision Date:2020-12-01Version:1
Title:Security update for jasper
Description:



This update for jasper fixes the following security issues:

*

CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474)

*

CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475)

*

CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837)

*

CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837)

Security Issues:

* CVE-2014-8138 * CVE-2014-8137 * CVE-2014-8157 * CVE-2014-8158

Family:unixClass:patch
Status:Reference(s):1017711
1017712
1040202
1057389
1068032
1068613
1070144
1071228
1073489
1076017
1076114
1076179
1076366
1076775
1076814
1081493
1082276
1082858
1083291
1083488
1085114
1085447
1085598
1092548
1101410
1101412
1101654
1103040
1111331
1127080
1127532
1127533
1144903
1153108
1153158
1153161
1168422
1177914
909474
909475
911837
959888
CVE-2007-4129
CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2014-8137
CVE-2014-8138
CVE-2015-7575
CVE-2016-9941
CVE-2016-9942
CVE-2017-1000251
CVE-2017-13166
CVE-2017-15119
CVE-2017-15124
CVE-2017-16845
CVE-2017-17381
CVE-2017-18030
CVE-2017-18043
CVE-2017-5715
CVE-2018-0360
CVE-2018-0361
CVE-2018-1000004
CVE-2018-1000085
CVE-2018-1068
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-14679
CVE-2018-2579
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2641
CVE-2018-2663
CVE-2018-2677
CVE-2018-2678
CVE-2018-5150
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5168
CVE-2018-5174
CVE-2018-5178
CVE-2018-5183
CVE-2018-5683
CVE-2018-7225
CVE-2018-7550
CVE-2018-7566
CVE-2019-10220
CVE-2019-11091
CVE-2019-1559
CVE-2019-17133
CVE-2019-5737
CVE-2019-5739
CVE-2020-15999
CVE-2020-3898
SUSE-SU-2015:0258-1
SUSE-SU-2016:0189-1
SUSE-SU-2017:2521-1
SUSE-SU-2018:0661-1
SUSE-SU-2018:0830-1
SUSE-SU-2018:0831-1
SUSE-SU-2018:1034-1
SUSE-SU-2018:1334-1
SUSE-SU-2018:2323-1
SUSE-SU-2019:0818-1
SUSE-SU-2019:1954-1
SUSE-SU-2019:2829-1
SUSE-SU-2020:1045-1
SUSE-SU-2020:2998-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND hardlink-1.0+git.e66999f-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cron-4.2-lp151.4.3 is installed
  • OR cronie-1.5.1-lp151.4.3 is installed
  • OR cronie-anacron-1.5.1-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libjasper-1.900.1-134.17 is installed
  • OR libjasper-32bit-1.900.1-134.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_63-default-4-2 is installed
  • OR kgraft-patch-3_12_74-60_64_63-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_22-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND coolkey-1.1.0-147 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.181-27.26 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.181-27.26 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.181-27.26 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.181-27.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND clamav-0.100.1-33.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND dstat-0.7.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed
  • OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed
  • OR webkit2gtk3-2.28.3-2.56 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • qemu-2.9.1-6.22 is installed
  • OR qemu-block-curl-2.9.1-6.22 is installed
  • OR qemu-block-iscsi-2.9.1-6.22 is installed
  • OR qemu-block-rbd-2.9.1-6.22 is installed
  • OR qemu-block-ssh-2.9.1-6.22 is installed
  • OR qemu-guest-agent-2.9.1-6.22 is installed
  • OR qemu-ipxe-1.0.0+-6.22 is installed
  • OR qemu-kvm-2.9.1-6.22 is installed
  • OR qemu-lang-2.9.1-6.22 is installed
  • OR qemu-seabios-1.10.2-6.22 is installed
  • OR qemu-sgabios-8-6.22 is installed
  • OR qemu-tools-2.9.1-6.22 is installed
  • OR qemu-vgabios-1.10.2-6.22 is installed
  • OR qemu-x86-2.9.1-6.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • augeas-1.2.0-17.3 is installed
  • OR augeas-lenses-1.2.0-17.3 is installed
  • OR libaugeas0-1.2.0-17.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-52.8.0esr-109.31 is installed
  • OR MozillaFirefox-devel-52.8.0esr-109.31 is installed
  • OR MozillaFirefox-translations-52.8.0esr-109.31 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-cryptography-2.0.3-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.40.4-29.41 is installed
  • OR mariadb-10.0.40.4-29.41 is installed
    • BACK