Issued:: 2017-05-09
Updated:: 2017-05-09

RHSA-2017:1208 - Important: jasper security update

Synopsis

Important: jasper security update

Type/Severity

Security Advisory Important

Topic

An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions	7.7	x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions	7.6	x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions	7.4	x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions	7.3	x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support	7.7	x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support	7.6	x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support	7.5	x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support	7.4	x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support	7.3	x86_64
Red Hat Enterprise Linux for Scientific Computing	7	x86_64
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux for Power, little endian	7	ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support	7.7	ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support	7.6	ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support	7.5	ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support	7.4	ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support	7.3	ppc64le
Red Hat Enterprise Linux for Power, big endian	7	ppc64
Red Hat Enterprise Linux for Power, big endian	6	ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support	7.7	ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support	7.6	ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support	7.5	ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support	7.4	ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support	7.3	ppc64
Red Hat Enterprise Linux for IBM z Systems	7	s390x
Red Hat Enterprise Linux for IBM z Systems	6	s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support	7.7	s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support	7.6	s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support	7.5	s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support	7.4	s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support	7.3	s390x
Red Hat Enterprise Linux Workstation	7	x86_64
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	7	x86_64
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions	7.7	ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions	7.6	ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions	7.4	ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions	7.3	ppc64le
Red Hat Enterprise Linux Server - TUS	7.7	x86_64
Red Hat Enterprise Linux Server - TUS	7.6	x86_64
Red Hat Enterprise Linux Server - TUS	7.3	x86_64
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	7	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian	7	ppc64le
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian	7	ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	7	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - AUS	7.7	x86_64
Red Hat Enterprise Linux Server - AUS	7.6	x86_64
Red Hat Enterprise Linux Server - AUS	7.4	x86_64
Red Hat Enterprise Linux Server - AUS	7.3	x86_64
Red Hat Enterprise Linux EUS Compute Node	7.7	x86_64
Red Hat Enterprise Linux EUS Compute Node	7.6	x86_64
Red Hat Enterprise Linux EUS Compute Node	7.5	x86_64
Red Hat Enterprise Linux EUS Compute Node	7.4	x86_64
Red Hat Enterprise Linux EUS Compute Node	7.3	x86_64
Red Hat Enterprise Linux Desktop	7	x86_64
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

jasper-libs-1.900.1-30.el7_3.aarch64.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390x.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390x.rpm
jasper-libs-1.900.1-30.el7_3.ppc64.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64.rpm
jasper-utils-1.900.1-21.el6_9.s390x.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.ppc64.rpm
jasper-devel-1.900.1-30.el7_3.s390.rpm
jasper-devel-1.900.1-21.el6_9.ppc.rpm
jasper-devel-1.900.1-21.el6_9.s390.rpm
jasper-devel-1.900.1-30.el7_3.s390x.rpm
jasper-devel-1.900.1-21.el6_9.s390x.rpm
jasper-libs-1.900.1-30.el7_3.ppc.rpm
jasper-libs-1.900.1-30.el7_3.ppc64le.rpm
jasper-libs-1.900.1-21.el6_9.ppc.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-1.900.1-30.el7_3.s390x.rpm
jasper-libs-1.900.1-21.el6_9.s390x.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64le.rpm
jasper-debuginfo-1.900.1-30.el7_3.aarch64.rpm
jasper-libs-1.900.1-30.el7_3.s390.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-1.900.1-30.el7_3.ppc64le.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.ppc64le.rpm
jasper-1.900.1-30.el7_3.ppc64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc.rpm
jasper-devel-1.900.1-30.el7_3.ppc.rpm
jasper-1.900.1-30.el7_3.aarch64.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc.rpm
jasper-utils-1.900.1-30.el7_3.ppc64.rpm
jasper-devel-1.900.1-21.el6_9.ppc64.rpm
jasper-libs-1.900.1-30.el7_3.s390x.rpm
jasper-utils-1.900.1-30.el7_3.ppc64le.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390.rpm
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-1.900.1-21.el6_9.s390x.rpm
jasper-1.900.1-21.el6_9.ppc64.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm
jasper-1.900.1-21.el6_9.src.rpm
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.s390.rpm
jasper-utils-1.900.1-30.el7_3.aarch64.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.aarch64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-utils-1.900.1-21.el6_9.ppc64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm
jasper-1.900.1-30.el7_3.src.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.s390x.rpm
jasper-libs-1.900.1-21.el6_9.ppc64.rpm

Fixes

CVEs

CVE-2015-5203
CVE-2015-5221
CVE-2016-10248
CVE-2016-10249
CVE-2016-10251
CVE-2016-1577
CVE-2016-1867
CVE-2016-2089
CVE-2016-2116
CVE-2016-8654
CVE-2016-8690
CVE-2016-8691
CVE-2016-8692
CVE-2016-8693
CVE-2016-8883
CVE-2016-8884
CVE-2016-8885
CVE-2016-9262
CVE-2016-9387
CVE-2016-9388
CVE-2016-9389
CVE-2016-9390
CVE-2016-9391
CVE-2016-9392
CVE-2016-9393
CVE-2016-9394
CVE-2016-9560
CVE-2016-9583
CVE-2016-9591
CVE-2016-9600

References

https://access.redhat.com/security/updates/classification/#important

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.