[El-errata] ELSA-2014-2021 Important: Oracle Linux 6 jasper security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Dec 18 17:30:23 PST 2014


Oracle Linux Security Advisory ELSA-2014-2021

https://rhn.redhat.com/errata/RHSA-2014-2021.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
jasper-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-utils-1.900.1-16.el6_6.2.i686.rpm

x86_64:
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/jasper-1.900.1-16.el6_6.2.src.rpm



Description of changes:

[1.900.1-16.2]
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)

[1.900.1-16.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
                   marker segment decoders (#1171208)

[1.900.1-16]
- CERT VU#887409: heap buffer overflow flaws lead to arbitrary code 
execution
   (#749150)






More information about the El-errata mailing list