Amazon Linux 1 Security Advisory: ALAS-2011-29
Advisory Release Date: 2011-12-12 13:45 Pacific
Advisory Updated Date: 2014-09-14 15:07 Pacific
Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Affected Packages:
jasper
Issue Correction:
Run yum update jasper to update your system.
i686:
jasper-debuginfo-1.900.1-15.5.amzn1.i686
jasper-devel-1.900.1-15.5.amzn1.i686
jasper-libs-1.900.1-15.5.amzn1.i686
jasper-1.900.1-15.5.amzn1.i686
jasper-utils-1.900.1-15.5.amzn1.i686
src:
jasper-1.900.1-15.5.amzn1.src
x86_64:
jasper-1.900.1-15.5.amzn1.x86_64
jasper-utils-1.900.1-15.5.amzn1.x86_64
jasper-debuginfo-1.900.1-15.5.amzn1.x86_64
jasper-devel-1.900.1-15.5.amzn1.x86_64
jasper-libs-1.900.1-15.5.amzn1.x86_64