-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:034 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : jasper Date : February 6, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157). An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158 http://advisories.mageia.org/MGASA-2015-0038.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 073aa6d28b369d5b24502044a461ac9d mbs1/x86_64/jasper-1.900.1-14.3.mbs1.x86_64.rpm 763531005b8a9a40c18805d8abbb439a mbs1/x86_64/lib64jasper1-1.900.1-14.3.mbs1.x86_64.rpm d1314e0425ebf78ed4083d57351f67f1 mbs1/x86_64/lib64jasper-devel-1.900.1-14.3.mbs1.x86_64.rpm a1030ae32d7e3e7735749cbd3335650c mbs1/x86_64/lib64jasper-static-devel-1.900.1-14.3.mbs1.x86_64.rpm d912dd8f4ddf008098d9d666ec7e14e7 mbs1/SRPMS/jasper-1.900.1-14.3.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU1If9mqjQ0CJFipgRAjuTAKDGFekty4m/ibVUq7TOyu6IYGQxBwCgzO+c 3eg09Q5NQ+Gz/HZOLcnANvU= =Nfko -----END PGP SIGNATURE-----