Mageia Advisory: MGASA-2019-0167 - Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities

Publication date: 12 May 2019
Modification date: 12 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-9398 , CVE-2018-19542 , CVE-2018-19539

Description

Updated jasper packages fix security vulnerabilities:

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17
allows remote attackers to cause a denial of service (assertion failure)
via unspecified vectors (CVE-2016-9398).

A denial of service in jp2_decode (CVE-2018-19542).

A denial of service in jas_image_readcmpt (CVE-2018-19539).

References

https://bugs.mageia.org/show_bug.cgi?id=24760
https://lists.opensuse.org/opensuse-updates/2019-05/msg00017.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19539

SRPMS

6/core

jasper-1.900.23-5.2.mga6

Advisories » MGASA-2019-0167

Updated jasper packages fix security vulnerabilities

Description

References

SRPMS

6/core