FEDORA-2016-6c789ba91d

security update in Fedora 23 for jasper

Status: stable 2 years ago

This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886.


New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693.


New version of jasper is available (1.900.3)


Security fix for CVE-2016-2089


New version of jasper is available.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-6c789ba91d

Comments 8

This update has been submitted for testing by jridky.

This update has obsoleted jasper-1.900.3-1.fc23, and has inherited its bugs and notes.

This update has been pushed to testing.

no regressions noted

karma: +1

jridky edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by jridky.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 5
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 20

00 #1302636 CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
00 #1302639 CVE-2016-2089 jasper: invalid read in the JasPer's jas_matrix_clip() function [fedora-all]
00 #1382188 jasper-1.900.2 is available
00 #1384266 jasper-1.900.3 is available
00 #1385499 CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image
00 #1385502 CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz
00 #1385503 CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz
00 #1385507 CVE-2016-8693 jasper: Double free vulnerability in mem_close
00 #1385516 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 jasper: various flaws [fedora-all]
00 #1385637 jasper-1.900.13 is available
00 #1388828 CVE-2016-8887 jasper: Null pointer dereference in jp2_colr_destroy
00 #1388829 jasper: Null pointer dereference in jp2_colr_destroy (incomplete fix for CVE-2016-8887)
00 #1388831 CVE-2016-8884 CVE-2016-8885 jasper: Null pointer dereference in bmp_getdata (incomplete fix for CVE-2016-8690)
00 #1388840 jasper: Heap-based buffer overflow in jpc_dec_tiledecode
00 #1388863 CVE-2016-8880 jasper: Heap buffer overflow in jpc_dec_cp_setfromcox()
00 #1388864 CVE-2016-8881 jasper: Heap buffer overflow in jpc_getuint16()
00 #1388866 CVE-2016-8882 jasper: Null pointer access in jpc_pi_destroy
00 #1388870 CVE-2016-8883 jasper: Assert in jpc_dec_tiledecode()
00 #1388873 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8887 jasper: various flaws [fedora-all]
00 #1388880 CVE-2016-8886 jasper: memory allocation failure in jas_malloc

Automated Test Results