Oval Definition:oval:org.opensuse.security:def:74600
Revision Date:2020-12-01Version:1
Title:Security update for jasper (Moderate)
Description:

This update for jasper fixes the following issues:

- CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).

This update was imported from the SUSE:SLE-15:Update update project.
Family:unixClass:patch
Status:Reference(s):1010979
1010980
1020451
1020456
1020458
1020460
1045450
1057152
1088278
1114498
1115637
1117328
1120805
1120807
1154302
CVE-2016-9398
CVE-2016-9399
CVE-2017-14132
CVE-2017-5499
CVE-2017-5503
CVE-2017-5504
CVE-2017-5505
CVE-2017-9782
CVE-2018-18873
CVE-2018-19139
CVE-2018-19543
CVE-2018-20570
CVE-2018-20622
CVE-2018-9252
CVE-2019-3692
openSUSE-SU-2020:0234-1
openSUSE-SU-2020:1517-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • jasper-2.0.14-lp151.4.9 is installed
  • OR libjasper-devel-2.0.14-lp151.4.9 is installed
  • OR libjasper4-2.0.14-lp151.4.9 is installed
  • OR libjasper4-32bit-2.0.14-lp151.4.9 is installed
    • BACK