| Revision Date: | 2020-09-21 | Version: | 1 |
| Title: | Security update for jasper (Moderate) |
| Description: |
This update for jasper fixes the following issues:
- CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1010979
1010980
1020451
1020456
1020458
1020460
1045450
1057152
1088278
1114498
1115637
1117328
1120805
1120807
CVE-2016-9398
CVE-2016-9399
CVE-2017-14132
CVE-2017-5499
CVE-2017-5503
CVE-2017-5504
CVE-2017-5505
CVE-2017-9782
CVE-2018-18873
CVE-2018-19139
CVE-2018-19543
CVE-2018-20570
CVE-2018-20622
CVE-2018-9252
|
| Platform(s): | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
| Product(s): | |