Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0390
jasper security update
10 February 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: jasper
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-9560 CVE-2016-8882 CVE-2016-8693
CVE-2016-8692 CVE-2016-8691 CVE-2016-8654
CVE-2016-1867
Reference: ESB-2017.0057
Original Bulletin:
http://www.debian.org/security/2017/dsa-3785
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3785-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 09, 2017 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : jasper
CVE ID : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692
CVE-2016-8693 CVE-2016-8882 CVE-2016-9560
Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.
For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u2.
We recommend that you upgrade your jasper packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlic7P4ACgkQEMKTtsN8
TjarqA/7BWdhzNsbnEODUp3J2YMSh35RL0D7oFplRrLywsBBkTxX5Dn8g+ikAWfD
LQyjGOd/DkrqKnCt7Nf1QUHc2XmwAgV13P/j2WOqPdp3c2ogG5XQgcO7gssQo1CQ
wXZIB/HDoUS5u36slTkV6U0Flj7udW9gRmsy8OFjQcL1fHIZMcl5yReit/ex2bHU
NZhrpFhR7nzzEnW8rUNYx5pPRX+K4Z6aq60sU4Luv0HnLEsIUu3wYjcJOIZeBHQ1
Ka322VVX2hTHtUpxGbeV1Gw6QAOTc9teqsjhYbrdpOa8E9uOOM5uR/YjwuWe4Yud
yHqykgYQwVbFpmtbtsjoNKODGXnuqDtWrwUyGRMqFy5FrV9siCUZU0/SwM7wXED/
1JyS9VwvdTf1TNbGgE9AF9LeFYHB/gzFUAee06kWqqY5DpUTh1Q6mrhFxEQf0oK+
4f/oG8JEy8VTds9QcZZS3DTjeSn2pzW84z6AVe2YfOUqXPwSUhBI3uyfIhdc/yt6
RWxkdBPQRrzMpT36Sd3IIpdooF7cFdYIQapkvmzrkF7pO0Qxjy7Odizr0LwqjTw5
wAtq4HhND5LhULs6pr8PcrHOEXXOgurVB5wmiIafO95KWV7rQx8jf+3p2DkoIJZW
I7OItHvmH4hsJUCdZOwG0hawhIzM1fc5ub74g5s9N15L+u8zpro=
=q48k
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWJ0dQIx+lLeg9Ub1AQjuIhAAmC1ZDK0mhKMouIOufh4SF/ffmLP2lBCW
HADCVLY08swqmS74Bm/+85Vs26SyuXP6Dtk0a5jqNrFBEWnuiMvFT0yyfPR2H6St
be5ButDhD1MDnmHMgsZOgqL1hzVkOOTrCibro9SwjApOUg589lnVhcTCH8p+oNFW
VVHyA7UFC6Yc9iuceu3lFLXAhTSixUAltSkuWxNK86wVdolOhEgFhduU8yiFtCTu
LXGlr6Xjx+FYWIQbq1vb+bcq325vp+Bh02eXh6tglBOl4owJYWWB0TGUW+aG1rQr
1MydNGjQc+32ia42BVeGw74kYTPByr/UEl/3Lcvu/zfGM8GQI61NVrz0ZaHhCYzh
ZbZ8jCj1DrB3dXc2aDGLfr65NoJSGKPth5Gjma+smrBXewn+uWc1WeoBaY/d/8Fw
TxWmy1lMnHapUD0/4lSZD1hr9SEhYx7X2OBQ27ouubdzUbh7fAPutfp3dC22TFVH
jWUDmtok43hjyHBcyUL18We57QJAUdOHiQ5sRcHcxKPxSXKga6N0Z2zd4AB9H92t
Jidmg2cSF8Jq+qYtzKCfku2xUD5AHCYtnbTxcmS4XhCBnJ1/OvR+sbbVZnGHE0qV
r9FPtZBPKxnw7OFifmPnhwwgBnZqDANhXVzaefNHyRc1sI3dn2ZoyfUs4HHnci4c
Mu2kwhMJMR4=
=0VuY
-----END PGP SIGNATURE-----