Security update for jasper SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1315-1 Final 1 1 2019-05-02T14:26:13Z current 2019-05-02T14:26:13Z 2019-05-02T14:26:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for jasper This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1315 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW/#RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW E-Mail link for openSUSE-SU-2019:1315-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1010783 SUSE Bug 1010783 https://bugzilla.suse.com/1117505 SUSE Bug 1117505 https://bugzilla.suse.com/1117511 SUSE Bug 1117511 https://www.suse.com/security/cve/CVE-2016-9396/ SUSE CVE CVE-2016-9396 page https://www.suse.com/security/cve/CVE-2018-19539/ SUSE CVE CVE-2018-19539 page https://www.suse.com/security/cve/CVE-2018-19542/ SUSE CVE CVE-2018-19542 page openSUSE Leap 15.0 jasper-2.0.14-lp150.2.3.1 libjasper-devel-2.0.14-lp150.2.3.1 libjasper4-2.0.14-lp150.2.3.1 libjasper4-32bit-2.0.14-lp150.2.3.1 jasper-2.0.14-lp150.2.3.1 as a component of openSUSE Leap 15.0 libjasper-devel-2.0.14-lp150.2.3.1 as a component of openSUSE Leap 15.0 libjasper4-2.0.14-lp150.2.3.1 as a component of openSUSE Leap 15.0 libjasper4-32bit-2.0.14-lp150.2.3.1 as a component of openSUSE Leap 15.0 The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. CVE-2016-9396 openSUSE Leap 15.0:jasper-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper-devel-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-32bit-2.0.14-lp150.2.3.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW/#RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW https://www.suse.com/security/cve/CVE-2016-9396.html CVE-2016-9396 https://bugzilla.suse.com/1010783 SUSE Bug 1010783 https://bugzilla.suse.com/1021871 SUSE Bug 1021871 https://bugzilla.suse.com/1082397 SUSE Bug 1082397 https://bugzilla.suse.com/1154883 SUSE Bug 1154883 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. CVE-2018-19539 openSUSE Leap 15.0:jasper-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper-devel-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-32bit-2.0.14-lp150.2.3.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW/#RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW https://www.suse.com/security/cve/CVE-2018-19539.html CVE-2018-19539 https://bugzilla.suse.com/1117511 SUSE Bug 1117511 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. CVE-2018-19542 openSUSE Leap 15.0:jasper-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper-devel-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-2.0.14-lp150.2.3.1 openSUSE Leap 15.0:libjasper4-32bit-2.0.14-lp150.2.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW/#RSYQNAT5MUXEB4LAI5BKNEDXZIYSUKSW https://www.suse.com/security/cve/CVE-2018-19542.html CVE-2018-19542 https://bugzilla.suse.com/1117505 SUSE Bug 1117505 https://bugzilla.suse.com/1117507 SUSE Bug 1117507 https://bugzilla.suse.com/1178702 SUSE Bug 1178702