ALAS-2011-029


Amazon Linux AMI Security Advisory: ALAS-2011-29
Advisory Release Date: 2014-09-14 15:07 Pacific
Severity: Important

Issue Overview:

Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.


Affected Packages:

jasper


Issue Correction:
Run yum update jasper to update your system.

New Packages:
i686:
    jasper-debuginfo-1.900.1-15.5.amzn1.i686
    jasper-devel-1.900.1-15.5.amzn1.i686
    jasper-libs-1.900.1-15.5.amzn1.i686
    jasper-1.900.1-15.5.amzn1.i686
    jasper-utils-1.900.1-15.5.amzn1.i686

src:
    jasper-1.900.1-15.5.amzn1.src

x86_64:
    jasper-1.900.1-15.5.amzn1.x86_64
    jasper-utils-1.900.1-15.5.amzn1.x86_64
    jasper-debuginfo-1.900.1-15.5.amzn1.x86_64
    jasper-devel-1.900.1-15.5.amzn1.x86_64
    jasper-libs-1.900.1-15.5.amzn1.x86_64