Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2296
jasper security update
5 December 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: jasper
Publisher: Debian
Operating System: Debian GNU/Linux 7
Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-9029
Original Bulletin:
http://www.debian.org/security/2014/dsa-3089
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running jasper check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : jasper
CVE ID : CVE-2014-9029
Debian Bug : 772036
Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.
For the stable distribution (wheezy), these problems have been fixed
in version 1.900.1-13+deb7u1.
For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your jasper packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUgHrJAAoJEAVMuPMTQ89EFekP/21TDzhAR4T6eKGUQ6MMigUu
XqHkqsFkaP+6oKyVWjgzH38EWANEDDXoi0/T0KORY6uzaJwBQ+DdjHWVHokyN8Iy
ynJQ60foV0+h5ZabpUbJc0uLnF8sc9V4AxAeQ+Z/C6lvIdF/kwXMCMFdd+gF3lI6
eZzE0pgBA5I9vJO0YREVXYtPVZ86R8Igy+YtKTBnXjPe2W4Mkc3pb9Dr2ha0eATH
ZwNS9R2s6ifpDPHr5xtxAp3j5FDLuCGfswoGFDisW2sWXuRAbG1QKnRXH7uy4MyK
DIIyuS+0LMGhym8+DB1KGMMo4MFhVsydSG4vx5zLkxZYahXDp/wMKQGT0lft5q8y
4DN2FYqwgLMDgGsL8AcFIJ40G6iXc4Uug6B0nyRHtKpy8nnnKhxIjnSVe6Q4PFra
Bph4CiWsfu9kJUYFk4ukD/kAnILc+RfPwfMGA9t0XKz3WVixfv+vhWMRG90cmmNA
14rsVkkts52RyhAiuhgyxS5UuqE3srNyx64NLMKvIZJuT9Id/V5+ciovZEFsOD7k
M05WadrNff5YQTkLjZKNSwkZ2YwaHP7uwJ2euMFBMkOtz8s2GBQnxLWb0A7IYNGC
1pNEXC7a9FHutmFFdYMCc7OP/oUiGZb4qe+rvH3GyLnegTDQZ0MN7oYX3ze5IUYc
LDS8UAI8LMV2/X2knxLJ
=qpMK
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVID8BRLndAQH1ShLAQJiAQ//bbHgdCvga6y2QwH9jc9jF6N0XQoeny5g
QIUxVHOZ2J9hF59OGA8ZHTK6FCbF2STux/kV78Wsl8nAMpYDsbuoNtzNETjOYWpm
96W3bhh6EK50b9oOsAOM0JMpsz+XwrrcbhM9w0H7XIW8zY65FIbeRCXszlkmCslr
Mm3q2WBtXURIqp0na4hqFSZGnaiKyre1NfbF7QrM8wM5NXa5QusfAl6oZRS8DHho
ow7CRq12vqTGl4D7HMnfRpy9DunesA8grCfrnbRbGJgjYRz3FpL8wyj+b72LMZ3C
9j3YN8aclI3AUmdM+sonWWN5MEtGrRZ/v2+JkPuKLDN8584ppBzIU9W86NV8BSqx
aKzPzyCzHUEPpCcINYZWLSjR1lHG/bVVvwJ0Ox/jcz1uSqEfkrEEjMM0Mq8whJyD
LfoVxtPX/ccPrKgDhfYbAraaOSvFpq+jfmSKf+070MadtAkw062oTP6IO9IZ/pmj
tvm/GJLjPv5UwC2xm110i00xD3YIusfhXYRygFHNcveoKe6W977WV6h50F9FAGLs
eATDa6z5zkkx5QB57hT29uA0360LkMngP9OXQHlOs79iMazcer2P7bNrBOQn45TE
tyZ/o+fOf8s0Ho0ujBotYVsic/AlUJJINXBBtT6wNI57iUyTvCQrynOaNw0SXhni
YSwZgFPSvnk=
=U3fv
-----END PGP SIGNATURE-----