Slackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3c4a3a5cf1e480feed4b9092b1aa939f9e0eaf1cd0b6da12b95876f269e7e405Red Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
68a43a747ec94c539289d4690fe6d0f323e73e13ebc4e27e63b022686014f904Ubuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.
1fcf7293472e791a0923b72c104ac27add330ec563ccfa26ed3174c631ebbd57Debian Linux Security Advisory 2080-1 - Several security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file.
e4041acaa31e18f427619f7fda91a9bb056b0d4e044eec876f34876cc862fcedMandriva Linux Security Advisory 2009-317 - Multiple security vulnerabilities has been identified and fixed Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.
baa80d8442db814e48275e8f9a82bf6ae94f1973a66428643331d63e0b57da68Mandriva Linux Security Advisory 2009-311 - Multiple security vulnerabilities has been identified and fixed in ghostscript.
7d620b4793a61a790bea974d9d2e7ae93d719f604dcaef5d8714471748e8c774Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities has been identified and fixed in jasper. The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
bb011ce7611d59bfda01a973ade80c606450b41a47cc876e66e2bab18cf98dc6Mandriva Linux Security Advisory 2009-165 - Multiple security vulnerabilities have been identified and fixed in ghostscript.
5cf24eebbe56a194ea9cc2bb03c4bd19320dac24d63dee63d41a6250ab218361Mandriva Linux Security Advisory 2009-164 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.
fbcfb12e4936b56d1c5970de9f62efc23910b68cde27f78e2bbb884450d097caMandriva Linux Security Advisory 2009-144 - Multiple security vulnerabilities has been identified and fixed in ghostscript. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library.
a61cd6517359627eca577c640766aa444bd2aa82cf7fb95668bc1460faace6d6Mandriva Linux Security Advisory 2009-143 - Multiple security vulnerabilities has been identified and fixed in netpbm. The updated packages have been patched to prevent this.
b81ea8edb865aa9d27f8415798b828cc20746cd83801b09dfc80cc4527f2804aMandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.
b920991474e725876f9cb28ec9f67c5880d98861c674fd23c25eec1f1ac63adcUbuntu Security Notice USN-742-1 - It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. It was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. It was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
ceccfd6fef2b3c020e4997d4f5e70f5339b859709880e7609d97a4b9af7869b4Gentoo Linux Security Advisory GLSA 200812-18 - Multiple memory management errors in JasPer might lead to execution of arbitrary code via jpeg2k files. Versions less than 1.900.1-r3 are affected.
4d57aebd7f1e7f3c83b382b57ad902e73ac27115f7b4c7d96b63d1bae4385111
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed