GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Mar 06, 2015 5:26 pm Post subject: [ GLSA 201503-01 ] JasPer |
 |
|
Gentoo Linux Security Advisory
Title: JasPer: Multiple Vulnerabilities (GLSA 201503-01)
Severity: normal
Exploitable: remote
Date: March 06, 2015
Bug(s): #531688, #533744, #537530
ID: 201503-01
Synopsis
Multiple vulnerabilities have been found in JasPer, the worst of
which could could allow an attacker to execute arbitrary code.
Background
JasPer is a software-based implementation of the codec specified in the
JPEG-2000 Part-1 standard.
Affected Packages
Package: media-libs/jasper
Vulnerable: < 1.900.1-r9
Unaffected: >= 1.900.1-r9
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in JasPer. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted file
using JasPer, possibly resulting in execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All jasper users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r9"
|
References
CVE-2014-8137
CVE-2014-8138
CVE-2014-8157
CVE-2014-8158
CVE-2014-9029
Last edited by GLSA on Thu Jun 18, 2015 4:17 am; edited 1 time in total |
|
News & Announcements
