[Oraclevm-errata] OVMSA-2015-0006 Important: Oracle VM 3.3 jasper security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Jan 26 10:24:44 PST 2015


Oracle VM Security Advisory OVMSA-2015-0006

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/jasper-1.900.1-16.el6_6.3.src.rpm



Description of changes:

[1.900.1-16.3]
- CVE-2014-8157 - dec->numtiles off-by-one check in 
jpc_dec_process_sot() (#1183671)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183679)

[1.900.1-16.2]
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)

[1.900.1-16.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
                   marker segment decoders (#1171208)




More information about the Oraclevm-errata mailing list