===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.2296
jasper security update
5 December 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           jasper
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-9029

Original Bulletin:
   http://www.debian.org/security/2014/dsa-3089

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running jasper check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 04, 2014                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2014-9029
Debian Bug     : 772036

Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 1.900.1-13+deb7u1.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================