Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0921 jasper security update 10 April 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: jasper Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-10251 CVE-2016-10249 CVE-2016-9591 Reference: ESB-2017.0914 ESB-2017.0057 Original Bulletin: http://www.debian.org/security/2017/dsa-3827 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3827-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : jasper CVE ID : CVE-2016-9591 CVE-2016-10249 CVE-2016-10251 Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. For the stable distribution (jessie), these problems have been fixed in version 1.900.1-debian1-2.4+deb8u3. We recommend that you upgrade your jasper packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljn9woACgkQEMKTtsN8 TjaZTRAAv0TDH4nPWpPFg02lmxIgpM0aOOoOhkbBznG3JBPJew5v55+vNr8FXV35 hBPC0AOCQdZ4FeCb9+mQBdEw0+TOhh83T1q9OMfG/PASXU1XG7r0h3oy75R3EyFP oebkuwmFgmvyG/LtOSCoZIzUS3uWZmSXRrI5+4bX+e4Fht2LzPNzifYANte+cntq exEUO2yypilLYFIbWQtBsXkpmkcAqQb/bffssF/vsncYTdZGaDDiYqZ2KNzQICcb 7y2J0v0QxC7G9ZYZwpazYkspc+rwmuErGa55/O6Q6qSiZvC0QZ+yluumf/OOPJim bDZooYj84ALNG3RqThoriIa1iSGy5JcDzBwKsBfCtIsb2GVI++4ZudgtRiZzQexR kZDeIaYEG/PtYXVmKy9U/yTEnS8Zl5PQDAYer1cOrOJtpEimlRNy2pOSB7bz/Efe JBRoiiwXyz7296jHlyu/JnyB1FmHHQTTNg6vq7C7MIDsDyVPOXSk1Kdb03FBDM8Q 3GXajgkd7nF7e5BRflBdtMS43sFyHLL+JeX8iECQU88CmppaJY4QKRKk2hffLlCt oN8XEagrqYDan1E6ElG/8fwhksFrW1BrRZImsZ1otOA674NtfVYILgTgCK5LWRZ3 ay4RKGaw4RTBT0b27ff1QdsHvFMmn6Zpy1BNTU9PSklhYTchdEI= =b92d - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWOrXiIx+lLeg9Ub1AQi0NQ//cNI+jsH3PeQETe5fWHxdGj5m4yQIpjif 0J6KylLrNEZetJYNr5YtqZHtcfGHwQLQVReTn/2h1WK7lcXtgp34KdEXoNrEIfMd KoiMmEBuzis8FeWTzH/hSSMfe/lrGFMDULndrNpTW8rrWOA6hfWIK2JbqhJ2SdZz oUFJJThPs4krIIH4AZROg1UK7yA/QsdQ71/3ITOhUCxch6RjEIkTUkq21t4GQT/f v1MEGepj/Jtd3grF0M5TVe2lKS4nhA+nos2bSXRQNvQMI3EvcgvytyuuRZJ7urbJ gof19IAbV1VGNL+pHNEcQnIyZZXT000uoSZcH1xvckP2/FLINH+VZTiCM1xBHDwb qOGC0k+QXwRReAEEpuuoBSgISF+FP/JYiVcaAW1bCn6s7wc5IvQ3w+XEQvZMN5RG gjd/R/RZoEUH7KySa6O6J0e/tex8IOPInQv01D4tz7ozq0E9rPLYqV3WFAPzd23S g8v/zjdTgQD3DA04Ch9aeDWAw0b+js89stYFVqgecrDv8xYkQovXX9QlK4zgaEx9 TTJ+TqFLQsJBlhcmi8MRTr9ufFIFYWFiLsr/kBY2eDjjXBImjgRBnipIl/Q9l2uo yI6UUpEwcjhv2C/Kc1ucvf87jrRjgLy2jx8nYwrk7cY66VK9O4Gg0TqvE5cUTria 3uxe6lKkoAM= =tBQW -----END PGP SIGNATURE-----