Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-2021)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123214

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2014-2021)

Resumen: The remote host is missing an update for the 'jasper' package(s) announced via the ELSA-2014-2021 advisory.

Descripción: Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the ELSA-2014-2021 advisory.

Vulnerability Insight:
[1.900.1-16.2]
- CVE-2014-8137 - double-free in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)

[1.900.1-16.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
marker segment decoders (#1171208)

[1.900.1-16]
- CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution
(#749150)

Affected Software/OS:
'jasper' package(s) on Oracle Linux 6, Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8137
BugTraq ID: 71742
http://www.securityfocus.com/bid/71742
Debian Security Information: DSA-3106 (Google Search)
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
https://www.ocert.org/advisories/ocert-2014-012.html
RedHat Security Advisories: RHSA-2014:2021
http://rhn.redhat.com/errata/RHSA-2014-2021.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
RedHat Security Advisories: RHSA-2015:1713
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://www.securitytracker.com/id/1033459
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
SuSE Security Announcement: openSUSE-SU-2015:0038 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:0039 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:0042 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
Common Vulnerability Exposure (CVE) ID: CVE-2014-8138
BugTraq ID: 71746
http://www.securityfocus.com/bid/71746
Common Vulnerability Exposure (CVE) ID: CVE-2014-9029
BugTraq ID: 71476
http://www.securityfocus.com/bid/71476
Bugtraq: 20141204 [oCERT-2014-009] JasPer input sanitization errors (Google Search)
http://www.securityfocus.com/archive/1/534153/100/0/threaded
Debian Security Information: DSA-3089 (Google Search)
http://www.debian.org/security/2014/dsa-3089
http://www.mandriva.com/security/advisories?name=MDVSA-2014:247
http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html
http://www.ocert.org/advisories/ocert-2014-009.html
http://www.openwall.com/lists/oss-security/2014/12/04/9
http://secunia.com/advisories/62828
http://www.ubuntu.com/usn/USN-2434-1
http://www.ubuntu.com/usn/USN-2434-2
XForce ISS Database: jasper-cve20149029-bo(99125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99125

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123214
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-2021)
Resumen:	The remote host is missing an update for the 'jasper' package(s) announced via the ELSA-2014-2021 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jasper' package(s) announced via the ELSA-2014-2021 advisory. Vulnerability Insight: [1.900.1-16.2] - CVE-2014-8137 - double-free in jas_iccattrval_destroy (#1173566) - CVE-2014-8138 - heap overflow in jp2_decode (#1173566) [1.900.1-16.1] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208) [1.900.1-16] - CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749150) Affected Software/OS: 'jasper' package(s) on Oracle Linux 6, Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8137 BugTraq ID: 71742 http://www.securityfocus.com/bid/71742 Debian Security Information: DSA-3106 (Google Search) http://www.debian.org/security/2014/dsa-3106 http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html https://www.ocert.org/advisories/ocert-2014-012.html RedHat Security Advisories: RHSA-2014:2021 http://rhn.redhat.com/errata/RHSA-2014-2021.html RedHat Security Advisories: RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html RedHat Security Advisories: RHSA-2015:1713 http://rhn.redhat.com/errata/RHSA-2015-1713.html http://www.securitytracker.com/id/1033459 http://secunia.com/advisories/61747 http://secunia.com/advisories/62311 http://secunia.com/advisories/62615 http://secunia.com/advisories/62619 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 SuSE Security Announcement: openSUSE-SU-2015:0038 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:0039 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0042 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html http://www.ubuntu.com/usn/USN-2483-1 http://www.ubuntu.com/usn/USN-2483-2 Common Vulnerability Exposure (CVE) ID: CVE-2014-8138 BugTraq ID: 71746 http://www.securityfocus.com/bid/71746 Common Vulnerability Exposure (CVE) ID: CVE-2014-9029 BugTraq ID: 71476 http://www.securityfocus.com/bid/71476 Bugtraq: 20141204 [oCERT-2014-009] JasPer input sanitization errors (Google Search) http://www.securityfocus.com/archive/1/534153/100/0/threaded Debian Security Information: DSA-3089 (Google Search) http://www.debian.org/security/2014/dsa-3089 http://www.mandriva.com/security/advisories?name=MDVSA-2014:247 http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html http://www.ocert.org/advisories/ocert-2014-009.html http://www.openwall.com/lists/oss-security/2014/12/04/9 http://secunia.com/advisories/62828 http://www.ubuntu.com/usn/USN-2434-1 http://www.ubuntu.com/usn/USN-2434-2 XForce ISS Database: jasper-cve20149029-bo(99125) https://exchange.xforce.ibmcloud.com/vulnerabilities/99125
Copyright	Copyright (C) 2015 Greenbone AG