ALAS-2015-466


Amazon Linux AMI Security Advisory: ALAS-2015-466
Advisory Release Date: 2015-01-08 11:43 Pacific
Severity: Important

Issue Overview:

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029 )

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138 )

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137 )


Affected Packages:

jasper


Issue Correction:
Run yum update jasper to update your system.

New Packages:
i686:
    jasper-utils-1.900.1-16.7.amzn1.i686
    jasper-libs-1.900.1-16.7.amzn1.i686
    jasper-devel-1.900.1-16.7.amzn1.i686
    jasper-debuginfo-1.900.1-16.7.amzn1.i686
    jasper-1.900.1-16.7.amzn1.i686

src:
    jasper-1.900.1-16.7.amzn1.src

x86_64:
    jasper-libs-1.900.1-16.7.amzn1.x86_64
    jasper-1.900.1-16.7.amzn1.x86_64
    jasper-debuginfo-1.900.1-16.7.amzn1.x86_64
    jasper-devel-1.900.1-16.7.amzn1.x86_64
    jasper-utils-1.900.1-16.7.amzn1.x86_64