Nacionalni CERT

Sigurnosni nedostaci programskog paketa jasper

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-da0b00fd64<br />2017-05-18 13:58:51.593573<br />--------------------------------------------------------------------------------<br /><br />Name : jasper<br />Product : Fedora 24<br />Version : 1.900.13<br />Release : 4.fc24<br />URL : http://www.ece.uvic.ca/~frodo/jasper/<br />Summary : Implementation of the JPEG-2000 standard, Part 1<br />Description :<br />This package contains an implementation of the image compression<br />standard JPEG-2000, Part 1. It consists of tools for conversion to and<br />from the JP2 and JPC formats.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Security fix for CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,<br />CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560,<br />CVE-2016-9591, CVE-2016-9600, CVE-2016-10251<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1406408 - CVE-2016-9591 CVE-2016-9600 CVE-2016-10251 jasper: various flaws [fedora-all]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1406408<br /> [ 2 ] Bug #1396986 - CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 jasper: various flaws [fedora-all]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1396986<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade jasper' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
Otkriven je sigurnosni nedostatak u programskom paketu jasper za Fedoru Otkriveni nedostaci uzrokovan je neispravnim upravljanjem određenim posebno oblikovanim JPEG slikovnim datotekama, a potencijalnim napadačima omogućuje izazivanje DoS stanja ili izvršavanje proizvoljnog programskog koda s privilegijama korisnika koji pokreće program. Savjetuje se ažuriranje izdanim zakrpama.