Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0390 jasper security update 10 February 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: jasper Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-9560 CVE-2016-8882 CVE-2016-8693 CVE-2016-8692 CVE-2016-8691 CVE-2016-8654 CVE-2016-1867 Reference: ESB-2017.0057 Original Bulletin: http://www.debian.org/security/2017/dsa-3785 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3785-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : jasper CVE ID : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. For the stable distribution (jessie), these problems have been fixed in version 1.900.1-debian1-2.4+deb8u2. We recommend that you upgrade your jasper packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlic7P4ACgkQEMKTtsN8 TjarqA/7BWdhzNsbnEODUp3J2YMSh35RL0D7oFplRrLywsBBkTxX5Dn8g+ikAWfD LQyjGOd/DkrqKnCt7Nf1QUHc2XmwAgV13P/j2WOqPdp3c2ogG5XQgcO7gssQo1CQ wXZIB/HDoUS5u36slTkV6U0Flj7udW9gRmsy8OFjQcL1fHIZMcl5yReit/ex2bHU NZhrpFhR7nzzEnW8rUNYx5pPRX+K4Z6aq60sU4Luv0HnLEsIUu3wYjcJOIZeBHQ1 Ka322VVX2hTHtUpxGbeV1Gw6QAOTc9teqsjhYbrdpOa8E9uOOM5uR/YjwuWe4Yud yHqykgYQwVbFpmtbtsjoNKODGXnuqDtWrwUyGRMqFy5FrV9siCUZU0/SwM7wXED/ 1JyS9VwvdTf1TNbGgE9AF9LeFYHB/gzFUAee06kWqqY5DpUTh1Q6mrhFxEQf0oK+ 4f/oG8JEy8VTds9QcZZS3DTjeSn2pzW84z6AVe2YfOUqXPwSUhBI3uyfIhdc/yt6 RWxkdBPQRrzMpT36Sd3IIpdooF7cFdYIQapkvmzrkF7pO0Qxjy7Odizr0LwqjTw5 wAtq4HhND5LhULs6pr8PcrHOEXXOgurVB5wmiIafO95KWV7rQx8jf+3p2DkoIJZW I7OItHvmH4hsJUCdZOwG0hawhIzM1fc5ub74g5s9N15L+u8zpro= =q48k - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWJ0dQIx+lLeg9Ub1AQjuIhAAmC1ZDK0mhKMouIOufh4SF/ffmLP2lBCW HADCVLY08swqmS74Bm/+85Vs26SyuXP6Dtk0a5jqNrFBEWnuiMvFT0yyfPR2H6St be5ButDhD1MDnmHMgsZOgqL1hzVkOOTrCibro9SwjApOUg589lnVhcTCH8p+oNFW VVHyA7UFC6Yc9iuceu3lFLXAhTSixUAltSkuWxNK86wVdolOhEgFhduU8yiFtCTu LXGlr6Xjx+FYWIQbq1vb+bcq325vp+Bh02eXh6tglBOl4owJYWWB0TGUW+aG1rQr 1MydNGjQc+32ia42BVeGw74kYTPByr/UEl/3Lcvu/zfGM8GQI61NVrz0ZaHhCYzh ZbZ8jCj1DrB3dXc2aDGLfr65NoJSGKPth5Gjma+smrBXewn+uWc1WeoBaY/d/8Fw TxWmy1lMnHapUD0/4lSZD1hr9SEhYx7X2OBQ27ouubdzUbh7fAPutfp3dC22TFVH jWUDmtok43hjyHBcyUL18We57QJAUdOHiQ5sRcHcxKPxSXKga6N0Z2zd4AB9H92t Jidmg2cSF8Jq+qYtzKCfku2xUD5AHCYtnbTxcmS4XhCBnJ1/OvR+sbbVZnGHE0qV r9FPtZBPKxnw7OFifmPnhwwgBnZqDANhXVzaefNHyRc1sI3dn2ZoyfUs4HHnci4c Mu2kwhMJMR4= =0VuY -----END PGP SIGNATURE-----