MDVSA-2011:189

Nom du paquet

jasper

Date

2011-12-16

Advisory ID

MDVSA-2011:189

Affected versions

MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in jasper:

Heap-based buffer overflow in the jpc_cox_getcompparms function in
libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption)
via a crafted numrlvls value in a JPEG2000 file (CVE-2011-4516).

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer
1.900.1 uses an incorrect data type during a certain size calculation,
which allows remote attackers to trigger a heap-based buffer overflow
and execute arbitrary code, or cause a denial of service (heap memory
corruption), via a malformed JPEG2000 file (CVE-2011-4517).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 8bf49dec9c4e4890e3e989ff8fc3bb19  mes5/i586/jasper-1.900.1-4.3mdvmes5.2.i586.rpm
 bccebb05fb7594cae930ba03ee527039  mes5/i586/libjasper1-1.900.1-4.3mdvmes5.2.i586.rpm
 35b631ab6c5f153c1e2d273142d385f3  mes5/i586/libjasper1-devel-1.900.1-4.3mdvmes5.2.i586.rpm
 c01ebaa0319a5bd480a69f3f7d84f35a  mes5/i586/libjasper1-static-devel-1.900.1-4.3mdvmes5.2.i586.rpm 
 8da90dd5afaeb2aaf09daad2f97d83ab  mes5/SRPMS/jasper-1.900.1-4.3mdvmes5.2.src.rpm

2010.1 i586

 e494dad90e889530c86071f3ffdc2144  2010.1/i586/jasper-1.900.1-12.1mdv2010.2.i586.rpm
 b2b08a6ecacf2d26d032b1e65ebf390d  2010.1/i586/libjasper1-1.900.1-12.1mdv2010.2.i586.rpm
 71a43faf4f98f4c8220c377691fc6d7c  2010.1/i586/libjasper-devel-1.900.1-12.1mdv2010.2.i586.rpm
 002cc21e456874c4927eb0d87c946b98  2010.1/i586/libjasper-static-devel-1.900.1-12.1mdv2010.2.i586.rpm 
 1cda18f770486d728dc15efdcecc177d  2010.1/SRPMS/jasper-1.900.1-12.1mdv2010.2.src.rpm

2011 x86_64

 136e4a0960f038fb1d043afc146260ff  2011/x86_64/jasper-1.900.1-12.1-mdv2011.0.x86_64.rpm
 bcf658437206939760149448524eceb9  2011/x86_64/lib64jasper1-1.900.1-12.1-mdv2011.0.x86_64.rpm
 72d5f142060403ca344c2f0311258381  2011/x86_64/lib64jasper-devel-1.900.1-12.1-mdv2011.0.x86_64.rpm
 d8b8311ec34971e7908c1b2bccb671c9  2011/x86_64/lib64jasper-static-devel-1.900.1-12.1-mdv2011.0.x86_64.rpm 
 e2bbe335c556a330f7993c6119c8d6cc  2011/SRPMS/jasper-1.900.1-12.1.src.rpm

2011 i586

 2ca7cc26dc24d01d159200db795c4f62  2011/i586/jasper-1.900.1-12.1-mdv2011.0.i586.rpm
 25681b4aeccde3e9b85b4f565870853f  2011/i586/libjasper1-1.900.1-12.1-mdv2011.0.i586.rpm
 fc559da2f2ed5264c7ca37fe313f5979  2011/i586/libjasper-devel-1.900.1-12.1-mdv2011.0.i586.rpm
 81cf761c980e151a2a804f1fad5be109  2011/i586/libjasper-static-devel-1.900.1-12.1-mdv2011.0.i586.rpm 
 e2bbe335c556a330f7993c6119c8d6cc  2011/SRPMS/jasper-1.900.1-12.1.src.rpm

MES5 x86_64

 8c1aed6122fa87a6341ef2d8282f4390  mes5/x86_64/jasper-1.900.1-4.3mdvmes5.2.x86_64.rpm
 83d3051efaa4e26793bea89775e2d461  mes5/x86_64/lib64jasper1-1.900.1-4.3mdvmes5.2.x86_64.rpm
 9f7ed89204edddde7b443e7fac61fe2b  mes5/x86_64/lib64jasper1-devel-1.900.1-4.3mdvmes5.2.x86_64.rpm
 41d45d8a0ca083a26eed5b213cfd7a79  mes5/x86_64/lib64jasper1-static-devel-1.900.1-4.3mdvmes5.2.x86_64.rpm 
 8da90dd5afaeb2aaf09daad2f97d83ab  mes5/SRPMS/jasper-1.900.1-4.3mdvmes5.2.src.rpm

2010.1 x86_64

 420fb525b80f6921f36a5bdf89e7163e  2010.1/x86_64/jasper-1.900.1-12.1mdv2010.2.x86_64.rpm
 9ecae54e76c3e3320ba1837d623c0fbf  2010.1/x86_64/lib64jasper1-1.900.1-12.1mdv2010.2.x86_64.rpm
 8f8690f72954f4d33e14b5a61dab39af  2010.1/x86_64/lib64jasper-devel-1.900.1-12.1mdv2010.2.x86_64.rpm
 f08f66c77a6bd13aa9e1d642bd38a756  2010.1/x86_64/lib64jasper-static-devel-1.900.1-12.1mdv2010.2.x86_64.rpm 
 1cda18f770486d728dc15efdcecc177d  2010.1/SRPMS/jasper-1.900.1-12.1mdv2010.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516