Bug 15122

Summary: jasper new security issues CVE-2014-8157 and CVE-2014-8158
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: olchal, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/630466/
Whiteboard: has_procedure advisory mga4-32-ok MGA4-64-OK
Source RPM: jasper-1.900.1-15.2.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-01-23 17:00:48 CET 
Upstream has issued an advisory on January 21:
http://www.ocert.org/advisories/ocert-2015-001.html

RedHat has issued an advisory for this on January 22:
https://rhn.redhat.com/errata/RHSA-2015-0074.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://www.ocert.org/advisories/ocert-2015-001.html
https://rhn.redhat.com/errata/RHSA-2015-0074.html
========================

Updated packages in core/updates_testing:
========================
jasper-1.900.1-15.3.mga4
libjasper1-1.900.1-15.3.mga4
libjasper-devel-1.900.1-15.3.mga4
libjasper-static-devel-1.900.1-15.3.mga4

from jasper-1.900.1-15.3.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-01-23 17:01:08 CET 
Testing procedure in:
https://bugs.mageia.org/show_bug.cgi?id=14729

Whiteboard: (none) => has_procedure

Comment 2 olivier charles 2015-01-23 20:38:01 CET 
Testing on Mageia4x64 real hardware, following procedure mentioned in Comment 1

From :
jasper-1.900.1-15.2.mga4
lib64jasper1-1.900.1-15.2.mga4

To
jasper-1.900.1-15.3.mga4
lib64jasper1-1.900.1-15.3.mga4

Could in both instances open, edit, transform, save jpeg files through Imagemagick.

OK on Mageia4x64

CC: (none) => olchal
Whiteboard: has_procedure => has_procedure MGA4-64-OK

Comment 3 claire robinson 2015-01-23 22:29:43 CET 
Testing complete mga4 32

Whiteboard: has_procedure MGA4-64-OK => has_procedure mga4-32-ok MGA4-64-OK

Comment 4 claire robinson 2015-01-23 22:32:54 CET 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok MGA4-64-OK => has_procedure advisory mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-01-24 15:32:59 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0038.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED