Updated jasper packages fix security vulnerabilities
Publication date: 14 Jun 2018Modification date: 14 Jun 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2016-9396 , CVE-2018-9055
Description
Updated japser packages fix security vulnerabilities:
An assertion failure was possible to trigger in JPC_NOMINALGAIN
(CVE-2016-9396).
Denial of service via a reachable assertion in the function jpc_firstone in
libjasper/jpc/jpc_math.c could lead to denial of service (CVE-2018-9055).
References
- https://bugs.mageia.org/show_bug.cgi?id=23139
- https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V63HVBFSQBPI6D3JW46NY32DKGCE2YB4/
- https://lists.opensuse.org/opensuse-updates/2018-05/msg00130.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9396
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9055
SRPMS
6/core
- jasper-1.900.23-5.1.mga6
5/core
- jasper-1.900.23-1.1.mga5