CVE-2015-5203 Red Hat Update for jasper (RHSA-2017-1208)

2017年5月11日 1042点热度 0人点赞 0条评论

漏洞类别：RedHat

漏洞等级：

漏洞信息

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Affected Products
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server - TUS 7.3 x86_64

漏洞危害

On successfully exploitation a specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1208 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1208: Red Hat Enterprise Linux

0day

CVE-2015-5203 Red Hat Update for jasper (RHSA-2017-1208)

文章评论