-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0173
                          jasper security update
                              27 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jasper
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-8158 CVE-2014-8157 

Reference:         ESB-2015.0153

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3138

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3138-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 25, 2015                       http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2014-8157 CVE-2014-8158
Debian Bug     : 775970

An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 1.900.1-13+deb7u3.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUxL3JAAoJEAVMuPMTQ89Ek/MP/3guJwcHZ1lSpLYJv9QPDThE
KrK5SygodaNBaleoZsM0p5TLHS7079icFwv73hTtxWPN6ZEHoY4GHZKiLkwiFATu
ikgqLIKfxbYez7fVs/tVRyQc8dM0tfbQXEmvxSNW+7MsUN/k4fUX914/s71ol+vl
911pW6J9xWFTOVmuFp/1WYboeYBZttTCiuZCnXNkprvhcP1plmK8LNHs+KxuWoDP
Pvskw9MpmnjJi9Kjz6CC58Rqw4oiech2gzaQgLFk5yVyYeuoZjcfo/WaNoQAxB5s
k9KWZsd7c728Se0zJ6EwuDaUrvAfbsdkunljGf+eSB+lVjkNhySMI+SS+P2t9L8A
Mo8+q5Icc/8dcQxPGGNnxj+olLtVDYYIdWmSJbGkn4jxTxXC2H1jkut8XQNcUHW5
2P6fO4zyHd3P8BQNtmVlE37HaRn2A4M6/JPC2Z2G8g83bPhFV8ik2e7sHNtIJS+j
bXx9nY92N8vpFd2lAkqi5cuzYeEl9obRGqGVTkXepLqSY87p2+9Z1rMIrOBYhZms
+eWpkh7GSjK/tQp7SyfDbafuO4lm8w337HE9KS4hG4WC8fUJ7nFghvtgRf7RBLwA
bc8dJS7xoGo6HIMmeuXBl3loIwmIDEr+i2FxNqqp2Y9sAoEX8JpcuCUpEc6feign
9vZxOXtEzhQgiVJyIqY3
=o2x6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVMcMjxLndAQH1ShLAQJUHRAAiLB1A3q57AN5ge/Lu/t1EvKyMUnCPNAu
rf1Mu2JiP7+58fgheG4X6Cae1YwSMRiHsHwgojsbtLc7002dtxN+hoj0J+qqTGQb
FOxRKAeNAmCkH3c4rm2Zc6Z4pKSQsc0YWDhbD8itKqGN9cBZZpyzJ6sR3/vO4OI7
Uo4WW3DNt53BPqNebzFDd39IdRMOpIptTw3myaFVTWlEeliVVLjjkL9/fsJrvqYJ
+23n734KEGJj2DMlggN3XMD1F65dwPJ/hncFfKCnQNesGAObqp2WF8Milp4wjR7D
HJsXvtKB3ZxPAOi41FBFDqMO+NV8zzGQX30/33yBbLCu2rmMGWYZBmFc1BXCQVHf
7pkS38UF6UH4spqljONtnUIeKoOK7QJLLjTmaXES6MMlHZjNgtJ8W2yuBQtwM2Kv
0CPapXSJfBdYWuXxBo2NaIhku30yH2lceemvOg8YCVJ6HYM+edKjZbY8kNe3PFoQ
A4wZ/yy4mETvLcpJOxDPjRZo65kKzI5lPDpKiO+07Bnv9338EoV00wxNhsPoz6l/
eo8gVsIWBVeVhhBoSY1AWJT+rzEyXlYhBusJfTHF/Nr8iIYGH83b/fDfNGcTdhwJ
k5C8tnc1RMAOtIpfqgMkdOMQaQlAUo44RNOY19L8Ai2zRBXjSEnXFvfhvK3uGn+H
Smy1nJuszVw=
=mcn1
-----END PGP SIGNATURE-----