-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0921
                          jasper security update
                               10 April 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jasper
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-10251 CVE-2016-10249 CVE-2016-9591

Reference:         ESB-2017.0914
                   ESB-2017.0057

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3827

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3827-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 07, 2017                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2016-9591 CVE-2016-10249 CVE-2016-10251

Multiple vulnerabilities have been discovered in the JasPer library for
processing JPEG-2000 images, which may result in denial of service or
the execution of arbitrary code if a malformed image is processed.

For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u3.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljn9woACgkQEMKTtsN8
TjaZTRAAv0TDH4nPWpPFg02lmxIgpM0aOOoOhkbBznG3JBPJew5v55+vNr8FXV35
hBPC0AOCQdZ4FeCb9+mQBdEw0+TOhh83T1q9OMfG/PASXU1XG7r0h3oy75R3EyFP
oebkuwmFgmvyG/LtOSCoZIzUS3uWZmSXRrI5+4bX+e4Fht2LzPNzifYANte+cntq
exEUO2yypilLYFIbWQtBsXkpmkcAqQb/bffssF/vsncYTdZGaDDiYqZ2KNzQICcb
7y2J0v0QxC7G9ZYZwpazYkspc+rwmuErGa55/O6Q6qSiZvC0QZ+yluumf/OOPJim
bDZooYj84ALNG3RqThoriIa1iSGy5JcDzBwKsBfCtIsb2GVI++4ZudgtRiZzQexR
kZDeIaYEG/PtYXVmKy9U/yTEnS8Zl5PQDAYer1cOrOJtpEimlRNy2pOSB7bz/Efe
JBRoiiwXyz7296jHlyu/JnyB1FmHHQTTNg6vq7C7MIDsDyVPOXSk1Kdb03FBDM8Q
3GXajgkd7nF7e5BRflBdtMS43sFyHLL+JeX8iECQU88CmppaJY4QKRKk2hffLlCt
oN8XEagrqYDan1E6ElG/8fwhksFrW1BrRZImsZ1otOA674NtfVYILgTgCK5LWRZ3
ay4RKGaw4RTBT0b27ff1QdsHvFMmn6Zpy1BNTU9PSklhYTchdEI=
=b92d
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWOrXiIx+lLeg9Ub1AQi0NQ//cNI+jsH3PeQETe5fWHxdGj5m4yQIpjif
0J6KylLrNEZetJYNr5YtqZHtcfGHwQLQVReTn/2h1WK7lcXtgp34KdEXoNrEIfMd
KoiMmEBuzis8FeWTzH/hSSMfe/lrGFMDULndrNpTW8rrWOA6hfWIK2JbqhJ2SdZz
oUFJJThPs4krIIH4AZROg1UK7yA/QsdQ71/3ITOhUCxch6RjEIkTUkq21t4GQT/f
v1MEGepj/Jtd3grF0M5TVe2lKS4nhA+nos2bSXRQNvQMI3EvcgvytyuuRZJ7urbJ
gof19IAbV1VGNL+pHNEcQnIyZZXT000uoSZcH1xvckP2/FLINH+VZTiCM1xBHDwb
qOGC0k+QXwRReAEEpuuoBSgISF+FP/JYiVcaAW1bCn6s7wc5IvQ3w+XEQvZMN5RG
gjd/R/RZoEUH7KySa6O6J0e/tex8IOPInQv01D4tz7ozq0E9rPLYqV3WFAPzd23S
g8v/zjdTgQD3DA04Ch9aeDWAw0b+js89stYFVqgecrDv8xYkQovXX9QlK4zgaEx9
TTJ+TqFLQsJBlhcmi8MRTr9ufFIFYWFiLsr/kBY2eDjjXBImjgRBnipIl/Q9l2uo
yI6UUpEwcjhv2C/Kc1ucvf87jrRjgLy2jx8nYwrk7cY66VK9O4Gg0TqvE5cUTria
3uxe6lKkoAM=
=tBQW
-----END PGP SIGNATURE-----