Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.2776.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:2776-1)
Summary:The remote host is missing an update for the 'jasper' package(s) announced via the SUSE-SU-2016:2776-1 advisory.
Description:Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the SUSE-SU-2016:2776-1 advisory.

Vulnerability Insight:
This update for jasper fixes the following issues:
Security fixes:
- CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
(bsc#1006836)
- CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c)
(bsc#1006599)
- CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in
bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009)
- CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598)
- CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy
(bsc#1006597)
- CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593)
- CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591)
- CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242)
- CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz
(bsc#1005090)
- CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by
crafted BMP image (bsc#1005084)
- CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function
(bsc#963983)
- CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl()
function (bsc#961886)
- CVE-2016-1577, CVE-2016-2116: double free vulnerability in the
jas_iccattrval_destroy function (bsc#968373)
- CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200
(bsc#942553)
- CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation
(bsc#941919)
- CVE-2008-3522: multiple integer overflows (bsc#392410)
- bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
(incomplete fix for CVE-2016-8887)

Affected Software/OS:
'jasper' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3522
BugTraq ID: 31470
http://www.securityfocus.com/bid/31470
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
http://bugs.gentoo.org/show_bug.cgi?id=222819
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
XForce ISS Database: jasper-jasstreamprintf-bo(45623)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45623
Common Vulnerability Exposure (CVE) ID: CVE-2015-5203
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/
https://security.gentoo.org/glsa/201707-07
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
http://www.openwall.com/lists/oss-security/2015/08/16/2
RedHat Security Advisories: RHSA-2017:1208
https://access.redhat.com/errata/RHSA-2017:1208
SuSE Security Announcement: openSUSE-SU-2016:2722 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:2737 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:2833 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
https://usn.ubuntu.com/3693-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-5221
http://www.openwall.com/lists/oss-security/2015/08/20/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-1577
BugTraq ID: 84133
http://www.securityfocus.com/bid/84133
Debian Security Information: DSA-3508 (Google Search)
http://www.debian.org/security/2016/dsa-3508
http://www.openwall.com/lists/oss-security/2016/03/03/12
http://www.ubuntu.com/usn/USN-2919-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1867
BugTraq ID: 81488
http://www.securityfocus.com/bid/81488
Debian Security Information: DSA-3785 (Google Search)
http://www.debian.org/security/2017/dsa-3785
http://www.openwall.com/lists/oss-security/2016/01/13/2
http://www.openwall.com/lists/oss-security/2016/01/13/6
Common Vulnerability Exposure (CVE) ID: CVE-2016-2089
BugTraq ID: 83108
http://www.securityfocus.com/bid/83108
http://www.openwall.com/lists/oss-security/2016/01/28/6
http://www.openwall.com/lists/oss-security/2016/01/28/4
SuSE Security Announcement: openSUSE-SU-2016:0408 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html
SuSE Security Announcement: openSUSE-SU-2016:0413 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2116
Common Vulnerability Exposure (CVE) ID: CVE-2016-8690
BugTraq ID: 93590
http://www.securityfocus.com/bid/93590
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
http://www.openwall.com/lists/oss-security/2016/08/23/6
http://www.openwall.com/lists/oss-security/2016/10/16/14
Common Vulnerability Exposure (CVE) ID: CVE-2016-8691
BugTraq ID: 93593
http://www.securityfocus.com/bid/93593
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8692
BugTraq ID: 93588
http://www.securityfocus.com/bid/93588
Common Vulnerability Exposure (CVE) ID: CVE-2016-8693
BugTraq ID: 93587
http://www.securityfocus.com/bid/93587
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8880
Common Vulnerability Exposure (CVE) ID: CVE-2016-8881
Common Vulnerability Exposure (CVE) ID: CVE-2016-8882
BugTraq ID: 95864
http://www.securityfocus.com/bid/95864
http://www.openwall.com/lists/oss-security/2016/10/17/1
http://www.openwall.com/lists/oss-security/2016/10/23/8
Common Vulnerability Exposure (CVE) ID: CVE-2016-8883
BugTraq ID: 95865
http://www.securityfocus.com/bid/95865
Common Vulnerability Exposure (CVE) ID: CVE-2016-8884
BugTraq ID: 93834
http://www.securityfocus.com/bid/93834
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/
http://www.openwall.com/lists/oss-security/2016/10/23/1
http://www.openwall.com/lists/oss-security/2016/10/23/9
Common Vulnerability Exposure (CVE) ID: CVE-2016-8885
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
http://www.openwall.com/lists/oss-security/2016/10/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-8886
BugTraq ID: 93839
http://www.securityfocus.com/bid/93839
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
http://www.openwall.com/lists/oss-security/2016/10/23/2
http://www.openwall.com/lists/oss-security/2016/10/25/11
Common Vulnerability Exposure (CVE) ID: CVE-2016-8887
BugTraq ID: 93835
http://www.securityfocus.com/bid/93835
https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
http://www.openwall.com/lists/oss-security/2016/10/23/3
http://www.openwall.com/lists/oss-security/2016/10/23/6
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.