Oval Definition:oval:org.opensuse.security:def:58499
Revision Date:2020-12-01Version:1
Title:Security update for jasper (Moderate)
Description:

This update for jasper fixes the following issues:

Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958)

CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756)
Family:unixClass:patch
Status:Reference(s):1009994
1010756
1010757
1010766
1010774
1010782
1010968
1010975
1019416
1024416
1027147
1047958
1049379
1050135
1052249
1052253
1052545
1053431
1054924
1055219
1055430
1061873
1067841
1067844
1076366
1083125
1083630
1085447
1085449
1090368
1090646
1090869
1093311
1096723
1102682
1105323
1106191
1129180
1131863
1134156
1139959
1140122
1140359
1146882
1146884
1170715
1170771
1172698
1172704
1174157
1174662
993692
993707
CVE-2016-7530
CVE-2016-9262
CVE-2016-9388
CVE-2016-9389
CVE-2016-9390
CVE-2016-9391
CVE-2016-9392
CVE-2016-9393
CVE-2016-9394
CVE-2017-1000050
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10115
CVE-2017-10116
CVE-2017-10125
CVE-2017-10243
CVE-2017-11446
CVE-2017-11534
CVE-2017-12428
CVE-2017-12431
CVE-2017-12433
CVE-2017-12627
CVE-2017-13133
CVE-2017-13139
CVE-2017-13166
CVE-2017-15033
CVE-2017-15098
CVE-2017-15099
CVE-2017-2619
CVE-2018-1000026
CVE-2018-1087
CVE-2018-10902
CVE-2018-10938
CVE-2018-1417
CVE-2018-2579
CVE-2018-2582
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2641
CVE-2018-2663
CVE-2018-2677
CVE-2018-2678
CVE-2018-2783
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-5390
CVE-2018-8781
CVE-2018-8897
CVE-2019-12973
CVE-2019-13012
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
CVE-2019-3835
CVE-2019-3839
CVE-2020-12243
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-8023
CVE-2020-9862
CVE-2020-9893
CVE-2020-9894
CVE-2020-9895
CVE-2020-9915
CVE-2020-9925
SUSE-SU-2017:0859-1
SUSE-SU-2017:1916-1
SUSE-SU-2017:2263-1
SUSE-SU-2017:2949-1
SUSE-SU-2017:3391-1
SUSE-SU-2018:0663-1
SUSE-SU-2018:1524-1
SUSE-SU-2018:1764-2
SUSE-SU-2019:1830-1
SUSE-SU-2020:1193-1
SUSE-SU-2020:2861-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libICE6-1.0.9-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libxslt-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed
  • OR libxslt-python-1.1.32-lp151.3.3 is installed
  • OR libxslt-tools-1.1.32-lp151.3.3 is installed
  • OR libxslt1-1.1.32-lp151.3.3 is installed
  • OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • jasper-1.900.14-195.3 is installed
  • OR libjasper1-1.900.14-195.3 is installed
  • OR libjasper1-32bit-1.900.14-195.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • ghostscript-9.27-23.28 is installed
  • OR ghostscript-x11-9.27-23.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_32-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_11-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • grub2-2.02-2 is installed
  • OR grub2-arm64-efi-2.02-2 is installed
  • OR grub2-i386-pc-2.02-2 is installed
  • OR grub2-powerpc-ieee1275-2.02-2 is installed
  • OR grub2-s390x-emu-2.02-2 is installed
  • OR grub2-snapper-plugin-2.02-2 is installed
  • OR grub2-systemd-sleep-plugin-2.02-2 is installed
  • OR grub2-x86_64-efi-2.02-2 is installed
  • OR grub2-x86_64-xen-2.02-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • xen-4.9.4_04-3.56 is installed
  • OR xen-doc-html-4.9.4_04-3.56 is installed
  • OR xen-libs-4.9.4_04-3.56 is installed
  • OR xen-libs-32bit-4.9.4_04-3.56 is installed
  • OR xen-tools-4.9.4_04-3.56 is installed
  • OR xen-tools-domU-4.9.4_04-3.56 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_100-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • MozillaFirefox-68.3.0-109.98 is installed
  • OR MozillaFirefox-translations-common-68.3.0-109.98 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • freeradius-server-3.0.15-2.11 is installed
  • OR freeradius-server-doc-3.0.15-2.11 is installed
  • OR freeradius-server-krb5-3.0.15-2.11 is installed
  • OR freeradius-server-ldap-3.0.15-2.11 is installed
  • OR freeradius-server-libs-3.0.15-2.11 is installed
  • OR freeradius-server-mysql-3.0.15-2.11 is installed
  • OR freeradius-server-perl-3.0.15-2.11 is installed
  • OR freeradius-server-postgresql-3.0.15-2.11 is installed
  • OR freeradius-server-python-3.0.15-2.11 is installed
  • OR freeradius-server-sqlite-3.0.15-2.11 is installed
  • OR freeradius-server-utils-3.0.15-2.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gtk2-data-2.24.31-7 is installed
  • OR gtk2-lang-2.24.31-7 is installed
  • OR gtk2-tools-2.24.31-7 is installed
  • OR gtk2-tools-32bit-2.24.31-7 is installed
  • OR libgtk-2_0-0-2.24.31-7 is installed
  • OR libgtk-2_0-0-32bit-2.24.31-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
  • tomcat-9.0.36-3.42 is installed
  • OR tomcat-admin-webapps-9.0.36-3.42 is installed
  • OR tomcat-docs-webapp-9.0.36-3.42 is installed
  • OR tomcat-el-3_0-api-9.0.36-3.42 is installed
  • OR tomcat-javadoc-9.0.36-3.42 is installed
  • OR tomcat-jsp-2_3-api-9.0.36-3.42 is installed
  • OR tomcat-lib-9.0.36-3.42 is installed
  • OR tomcat-servlet-4_0-api-9.0.36-3.42 is installed
  • OR tomcat-webapps-9.0.36-3.42 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libvirt-3.3.0-5.40 is installed
  • OR libvirt-admin-3.3.0-5.40 is installed
  • OR libvirt-client-3.3.0-5.40 is installed
  • OR libvirt-daemon-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-hooks-3.3.0-5.40 is installed
  • OR libvirt-daemon-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-xen-3.3.0-5.40 is installed
  • OR libvirt-doc-3.3.0-5.40 is installed
  • OR libvirt-libs-3.3.0-5.40 is installed
  • OR libvirt-lock-sanlock-3.3.0-5.40 is installed
  • OR libvirt-nss-3.3.0-5.40 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libpcap-1.8.1-10.3 is installed
  • OR libpcap1-1.8.1-10.3 is installed
  • OR tcpdump-4.9.2-14.14 is installed
    • BACK