From Fedora Project Wiki

< FSA‎ | F7
Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

[SECURITY] Fedora 7 Update: jasper-1.900.1-2.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0007 (Corrected)
None
--------------------------------------------------------------------------------

Name        : jasper
Product     : Fedora 7
Version     : 1.900.1
Release     : 2.fc7
Summary     : Implementation of the JPEG-2000 standard, Part 1
Description :
This package contains an implementation of the image compression
standard JPEG-2000, Part 1. It consists of tools for conversion to and
from the JP2 and JPC formats.

--------------------------------------------------------------------------------
Update Information:

This update addresses an issue where the jpc_qcx_getcompparms function in
jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of
service (crash) and possibly corrupt the heap via malformed image files.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2007 Rex Dieter <rdieter[AT] fedoraproject.org> 1.900.1-2
- CVE-2007-2721 (#240397)
--------------------------------------------------------------------------------
References:

Bug #240397 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397
CVE-2007-2721 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721
--------------------------------------------------------------------------------
Updated packages:

d1ad33ddc37ab768ed6680048be8d6ff298c5193 jasper-debuginfo-1.900.1-2.fc7.ppc64.rpm
487a2d7359e9bda009d1cb90e12d9a94b4bb8455 jasper-devel-1.900.1-2.fc7.ppc64.rpm
b848fcedda02f79acc2ad2a50d058ee43a274651 jasper-1.900.1-2.fc7.ppc64.rpm
3efe94050c58f766413f0c8981e33d9b49ed7a83 jasper-devel-1.900.1-2.fc7.i386.rpm
7dbffd09354793d414153b58525d50edc63efe9f jasper-1.900.1-2.fc7.i386.rpm
8800f678c0f0e59617b5406026f9ea024c74d59a jasper-debuginfo-1.900.1-2.fc7.i386.rpm
e062a97af5434d7f6fdc43ae78468b810e79363a jasper-debuginfo-1.900.1-2.fc7.x86_64.rpm
661da74b51d29d66f1aa9e7a0cab5e9d00e387f2 jasper-devel-1.900.1-2.fc7.x86_64.rpm
28b3c4972e4fe4ff559508f275baf44afa737fe3 jasper-1.900.1-2.fc7.x86_64.rpm
2fd896cac056c8213ccc8316645357bfbe31fefa jasper-debuginfo-1.900.1-2.fc7.ppc.rpm
379381c938132c783da4f20fd32fcd67d6c02f81 jasper-1.900.1-2.fc7.ppc.rpm
24c1f280a11268e0297a2440898bf5e4637dfcea jasper-devel-1.900.1-2.fc7.ppc.rpm
b51f9c6f957de49b24964c90f3da385d6379164a jasper-1.900.1-2.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------