Important: jasper security update

Synopsis

Important: jasper security update

Type/Severity

Security Advisory: Important

Topic

An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.3 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.3 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

  • BZ - 1254242 - CVE-2015-5203 jasper: integer overflow in jas_image_cmpt_create()
  • BZ - 1255710 - CVE-2015-5221 jasper: use-after-free and double-free flaws in mif_process_cmpt()
  • BZ - 1298135 - CVE-2016-1867 jasper: out-of-bounds read in jpc_pi_nextcprl()
  • BZ - 1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
  • BZ - 1314466 - CVE-2016-1577 jasper: double free issue in jas_iccattrval_destroy()
  • BZ - 1314472 - CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()
  • BZ - 1385499 - CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
  • BZ - 1385502 - CVE-2016-8691 CVE-2016-8692 jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
  • BZ - 1385507 - CVE-2016-8693 jasper: incorrect handling of bufsize 0 in mem_resize()
  • BZ - 1388840 - CVE-2016-10249 jasper: integer overflow in jas_matrix_create()
  • BZ - 1388870 - CVE-2016-8883 jasper: reachable asserts in jpc_dec_tiledecode()
  • BZ - 1393882 - CVE-2016-9262 jasper: integer truncation in jas_image_cmpt_create()
  • BZ - 1396959 - CVE-2016-9387 jasper: integer overflow in jpc_dec_process_siz()
  • BZ - 1396962 - CVE-2016-9388 jasper: reachable assertions in RAS encoder/decoder
  • BZ - 1396963 - CVE-2016-9389 jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec
  • BZ - 1396965 - CVE-2016-9390 jasper: insufficient SIZ marker tilexoff and tileyoff checks
  • BZ - 1396967 - CVE-2016-9391 jasper: reachable assertions in the JPC bitstream code
  • BZ - 1396971 - CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 jasper: insufficient SIZ marker segment data sanity checks
  • BZ - 1398256 - CVE-2016-9560 jasper: stack-based buffer overflow in jpc_dec_tileinit()
  • BZ - 1399167 - CVE-2016-8654 jasper: heap-based buffer overflow in QMFB code in JPC codec
  • BZ - 1405148 - CVE-2016-9583 jasper: integer overflows leading to out-of-bounds read in packet iterators in JPC decoder
  • BZ - 1406405 - CVE-2016-9591 jasper: use-after-free / double-free in JPC encoder
  • BZ - 1410026 - CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
  • BZ - 1434447 - CVE-2016-10248 jasper: NULL pointer dereference in jpc_tsfb_synthesize()
  • BZ - 1434461 - CVE-2016-10251 jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read
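Several of the entries above are missing range checks on JPEG 2000 SIZ marker fields (XRsiz/YRsiz, tile offsets) and unchecked size arithmetic in matrix allocation. The following is an added, constructed illustration of what such defensive checks look like; it is not JasPer's code, the `siz_params` struct and both functions are assumptions, and the constraints follow the JPEG 2000 Part 1 SIZ marker definition.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed, simplified view of the SIZ marker fields (one component's
 * sub-sampling factors shown). Field names follow JPEG 2000 Part 1. */
struct siz_params {
    uint32_t xsiz, ysiz;     /* reference grid size */
    uint32_t xosiz, yosiz;   /* image offset on the grid */
    uint32_t xtsiz, ytsiz;   /* tile size */
    uint32_t xtosiz, ytosiz; /* tile offset */
    uint8_t  xrsiz, yrsiz;   /* component sub-sampling factors */
};

/* Return true only if every field satisfies the spec constraints a decoder
 * relies on; a decoder should reject the file otherwise. */
bool siz_is_sane(const struct siz_params *s)
{
    /* image and tile dimensions must be non-zero, and the image offset
     * must leave a non-empty image area (XOsiz < Xsiz) */
    if (s->xsiz == 0 || s->ysiz == 0 || s->xtsiz == 0 || s->ytsiz == 0)
        return false;
    if (s->xosiz >= s->xsiz || s->yosiz >= s->ysiz)
        return false;
    /* sub-sampling factors are 1..255; 0 would later divide by zero */
    if (s->xrsiz == 0 || s->yrsiz == 0)
        return false;
    /* tile offset must not exceed the image offset (XTOsiz <= XOsiz), and
     * the first tile must overlap the image (XTOsiz + XTsiz > XOsiz);
     * the sum is done in 64 bits so it cannot wrap */
    if (s->xtosiz > s->xosiz || s->ytosiz > s->yosiz)
        return false;
    if ((uint64_t)s->xtosiz + s->xtsiz <= s->xosiz)
        return false;
    if ((uint64_t)s->ytosiz + s->ytsiz <= s->yosiz)
        return false;
    return true;
}

/* Overflow-checked byte count for a rows x cols matrix of elem_size-byte
 * cells, the kind of arithmetic a matrix allocator must guard.
 * Returns 0 for an empty matrix or when the product would overflow. */
size_t matrix_bytes(uint32_t rows, uint32_t cols, size_t elem_size)
{
    if (rows == 0 || cols == 0 || elem_size == 0)
        return 0;
    if ((size_t)rows > SIZE_MAX / cols)
        return 0;
    size_t cells = (size_t)rows * cols;
    if (cells > SIZE_MAX / elem_size)
        return 0;
    return cells * elem_size;
}
```

A caller that sees `false` or `0` should abort decoding rather than fall through to allocation or a reachable assert.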