ALAS2-2019-1150


Amazon Linux 2 Security Advisory: ALAS-2019-1150
Advisory Release Date: 2019-01-25 00:56 Pacific
Severity: Low

Issue Overview:

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.(CVE-2016-9396 )

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.(CVE-2017-1000050 )


Affected Packages:

jasper


Issue Correction:
Run yum update jasper to update your system.

New Packages:
aarch64:
    jasper-1.900.1-33.amzn2.aarch64
    jasper-devel-1.900.1-33.amzn2.aarch64
    jasper-libs-1.900.1-33.amzn2.aarch64
    jasper-utils-1.900.1-33.amzn2.aarch64
    jasper-debuginfo-1.900.1-33.amzn2.aarch64

i686:
    jasper-1.900.1-33.amzn2.i686
    jasper-devel-1.900.1-33.amzn2.i686
    jasper-libs-1.900.1-33.amzn2.i686
    jasper-utils-1.900.1-33.amzn2.i686
    jasper-debuginfo-1.900.1-33.amzn2.i686

src:
    jasper-1.900.1-33.amzn2.src

x86_64:
    jasper-1.900.1-33.amzn2.x86_64
    jasper-devel-1.900.1-33.amzn2.x86_64
    jasper-libs-1.900.1-33.amzn2.x86_64
    jasper-utils-1.900.1-33.amzn2.x86_64
    jasper-debuginfo-1.900.1-33.amzn2.x86_64