jasper-2.0.14-5.el8
Errata ID: AXSA:2021-2685:01
Release date:
2021/12/13 Monday - 04:40
Title:
jasper-2.0.14-5.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
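The following issues have been addressed.
[Security Fix]
- The jpc encoder in jasper has a vulnerability that allows an attacker to perform an out-of-bounds write at an arbitrary location by supplying a specially crafted image. (CVE-2020-27828)
- The jp2_decode function in jasper has an out-of-bounds read issue that can lead to information disclosure or a program crash. (CVE-2021-26926)
- The jp2_decode function in jp2_dec.c in jasper has a null pointer dereference issue that can crash the program and cause a denial of service. (CVE-2021-26927)
- The jp2_decode function in jp2/jp2_dec.c in libjasper has a heap buffer over-read vulnerability when the number of channels is not equal to the number of image components. (CVE-2021-3272)
Solution:
Update the packages.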
CVE:
CVE-2020-27828
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
CVE-2021-26926
A flaw was found in jasper before 2.0.25. An out-of-bounds read issue was found in the jp2_decode function which may lead to disclosure of information or program crash.
CVE-2021-26927
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVE-2021-3272
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
Additional information:
N/A
Downloads:
SRPMS
- jasper-2.0.14-5.el8.src.rpm
MD5: c687a5bdb344bd1791ca4700ae6502fe
SHA-256: bac903e6f3853b9587d9aa24d824c6c3cdac92c36405ff6991fe374a2492583b
Size: 1.61 MB
Asianux Server 8 for x86_64
- jasper-devel-2.0.14-5.el8.x86_64.rpm
MD5: bf13c0a7c82729ee21d5348816ed4d16
SHA-256: a9f2cebcf2b0b01c9fd02002471f6741547c28db563d4bbdf40b400d494fc74a
Size: 634.18 kB
- jasper-libs-2.0.14-5.el8.x86_64.rpm
MD5: f70143401964e3087fb1107f978c5ee3
SHA-256: c845e47c76b83c4cf895d15e9412df1d5701c3924e272ab4837e96fbdf217e40
Size: 165.56 kB
- jasper-devel-2.0.14-5.el8.i686.rpm
MD5: 1ae02cbebb5922b4b774d4202d5b902b
SHA-256: 9e89f424dd0fa78963c0cc1da30a4ea613cc6c93859c78f0f0d45b857de9341f
Size: 634.20 kB
- jasper-libs-2.0.14-5.el8.i686.rpm
MD5: 3f82d55f63c3e7cd56d283f088d11cb8
SHA-256: 547a5ccc2d654610df21535d7257b3e6d5d94a0fddcd16755dc033f6155c9d46
Size: 173.62 kB