Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-479
Advisory Released Date: 2015-02-11
Advisory Updated Date: 2015-02-11
Severity:
Important
References:
CVE-2014-8157
CVE-2014-8158
RHSA-2015-0074
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157)
An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158)
Affected Packages:
jasper
Issue Correction:
Run yum update jasper to update your system.
New Packages:
i686:
jasper-libs-1.900.1-16.9.amzn1.i686
jasper-debuginfo-1.900.1-16.9.amzn1.i686
jasper-utils-1.900.1-16.9.amzn1.i686
jasper-devel-1.900.1-16.9.amzn1.i686
jasper-1.900.1-16.9.amzn1.i686
src:
jasper-1.900.1-16.9.amzn1.src
x86_64:
jasper-1.900.1-16.9.amzn1.x86_64
jasper-debuginfo-1.900.1-16.9.amzn1.x86_64
jasper-devel-1.900.1-16.9.amzn1.x86_64
jasper-utils-1.900.1-16.9.amzn1.x86_64
jasper-libs-1.900.1-16.9.amzn1.x86_64