Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867, CVE-2016-1577 and CVE-2016-2116.
sudo dnf upgrade --advisory=FEDORA-2016-7776983633Please login to add feedback.
| submitted | 3 years ago |
| in testing | 3 years ago |
| in stable | 3 years ago |
| 0 | 0 | #1254242 CVE-2015-5203 jasper: double free in jasper_image_stop_load() |
| 0 | 0 | #1254244 CVE-2015-5203 jasper: double free in jasper_image_stop_load() [fedora-all] |
| 0 | 0 | #1255710 CVE-2015-5221 jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library |
| 0 | 0 | #1255714 CVE-2015-5221 jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library [fedora-all] |
| 0 | 0 | #1298135 CVE-2016-1867 jasper: out-of-bounds read in the jpc_pi_nextcprl() function |
| 0 | 0 | #1298138 CVE-2016-1867 jasper: out-of-bounds read in the jpc_pi_nextcprl() function [fedora-all] |
| 0 | 0 | #1314466 CVE-2016-1577 jasper: Double free vulnerability in jas_iccattrval_destroy |
| 0 | 0 | #1314468 CVE-2016-1577 jasper: Double free vulnerability in jas_iccattrval_destroy [fedora-all] |
| 0 | 0 | #1314472 CVE-2016-2116 jasper: Memory leak in jas_iccprof_createfrombuf causing memory consumption |
| 0 | 0 | #1314473 CVE-2016-2116 jasper: Memory leak in jas_iccprof_createfrombuf causing memory consumption [fedora-all] |
jridky
This update has been submitted for testing by jridky.
This update has been pushed to testing.
works for me
LGTM
This update has been submitted for stable by bodhi.
works for me
This update has been pushed to stable.
This breaks gnome-software (and really, anything that tries to load files using gtk-pixbuf) and prevents it starting:
GtkPixbuf actually depends on the -1 buffer size to support auto-expanding the memory buffer at runtime, so changing the API by making the field unsigned breaks as GTK then tries to allocate a huge buffer.
Users of the updated lib seem to very reliably crash.