Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities has been identified and fixed in jasper. The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
bb011ce7611d59bfda01a973ade80c606450b41a47cc876e66e2bab18cf98dc6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:142-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : jasper
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in jasper:
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer
JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted
attackers to cause a denial of service (crash) and possibly corrupt
the heap via malformed image files, as originally demonstrated using
imagemagick convert (CVE-2007-2721).
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
The updated packages have been patched to prevent this.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
5f9c8dfae30f0cadf061de621b8c8001 2008.0/i586/jasper-1.900.1-2.1mdv2008.0.i586.rpm
31a18f0fd0eaf9fe8fbc3152716c5a97 2008.0/i586/libjasper1-1.900.1-2.1mdv2008.0.i586.rpm
c19c0a59243be390523cfeb26362e177 2008.0/i586/libjasper1-devel-1.900.1-2.1mdv2008.0.i586.rpm
88a5c06798169a312935e33918194286 2008.0/i586/libjasper1-static-devel-1.900.1-2.1mdv2008.0.i586.rpm
16072736699b72d0d545a3b632fa0d70 2008.0/SRPMS/jasper-1.900.1-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
387d1e14ef8069d239bff354726b26cb 2008.0/x86_64/jasper-1.900.1-2.1mdv2008.0.x86_64.rpm
2ab7bf2550e00e423b511b5921a103b3 2008.0/x86_64/lib64jasper1-1.900.1-2.1mdv2008.0.x86_64.rpm
5abd166c380e4ed1cc9b925b5d0f1845 2008.0/x86_64/lib64jasper1-devel-1.900.1-2.1mdv2008.0.x86_64.rpm
36e2d6ef0ceb0ffdfa88265a9b016173 2008.0/x86_64/lib64jasper1-static-devel-1.900.1-2.1mdv2008.0.x86_64.rpm
16072736699b72d0d545a3b632fa0d70 2008.0/SRPMS/jasper-1.900.1-2.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLGBu5mqjQ0CJFipgRAnnxAKC1Yqp3matYvYtzco9NCLtW6KlsNgCgjIzw
PL7nkNJNn62nP+NYytohvZk=
=f+gJ
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed