RHEL 6 / 7 : jasper (RHSA-2017:1208)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for jasper is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image
compression standard.

Security Fix(es) :

Multiple flaws were found in the way JasPer decoded JPEG 2000 image
files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654,
CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221,
CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884,
CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image
files. A specially crafted file could cause an application using
JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116,
CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387,
CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391,
CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,
CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600;
Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for
reporting CVE-2015-5221.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-5203.html
https://www.redhat.com/security/data/cve/CVE-2015-5221.html
https://www.redhat.com/security/data/cve/CVE-2016-10248.html
https://www.redhat.com/security/data/cve/CVE-2016-10249.html
https://www.redhat.com/security/data/cve/CVE-2016-10251.html
https://www.redhat.com/security/data/cve/CVE-2016-1577.html
https://www.redhat.com/security/data/cve/CVE-2016-1867.html
https://www.redhat.com/security/data/cve/CVE-2016-2089.html
https://www.redhat.com/security/data/cve/CVE-2016-2116.html
https://www.redhat.com/security/data/cve/CVE-2016-8654.html
https://www.redhat.com/security/data/cve/CVE-2016-8690.html
https://www.redhat.com/security/data/cve/CVE-2016-8691.html
https://www.redhat.com/security/data/cve/CVE-2016-8692.html
https://www.redhat.com/security/data/cve/CVE-2016-8693.html
https://www.redhat.com/security/data/cve/CVE-2016-8883.html
https://www.redhat.com/security/data/cve/CVE-2016-8884.html
https://www.redhat.com/security/data/cve/CVE-2016-8885.html
https://www.redhat.com/security/data/cve/CVE-2016-9262.html
https://www.redhat.com/security/data/cve/CVE-2016-9387.html
https://www.redhat.com/security/data/cve/CVE-2016-9388.html
https://www.redhat.com/security/data/cve/CVE-2016-9389.html
https://www.redhat.com/security/data/cve/CVE-2016-9390.html
https://www.redhat.com/security/data/cve/CVE-2016-9391.html
https://www.redhat.com/security/data/cve/CVE-2016-9392.html
https://www.redhat.com/security/data/cve/CVE-2016-9393.html
https://www.redhat.com/security/data/cve/CVE-2016-9394.html
https://www.redhat.com/security/data/cve/CVE-2016-9560.html
https://www.redhat.com/security/data/cve/CVE-2016-9583.html
https://www.redhat.com/security/data/cve/CVE-2016-9591.html
https://www.redhat.com/security/data/cve/CVE-2016-9600.html
http://rhn.redhat.com/errata/RHSA-2017-1208.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:ND/RC:ND)
Public Exploit Available : true