[El-errata] ELSA-2014-2021 Important: Oracle Linux 7 jasper security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Dec 18 13:06:36 PST 2014
Oracle Linux Security Advisory ELSA-2014-2021
https://rhn.redhat.com/errata/RHSA-2014-2021.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/jasper-1.900.1-26.el7_0.2.src.rpm
Description of changes:
[1.900.1-26.2]
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173568)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173568)
[1.900.1-26.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
marker segment decoders (#1171210)
More information about the El-errata
mailing list