An advisory has been issued today (December 18): http://www.ocert.org/advisories/ocert-2014-012.html Patched packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137). A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138 http://www.ocert.org/advisories/ocert-2014-012.html ======================== Updated packages in core/updates_testing: ======================== jasper-1.900.1-15.2.mga4 libjasper1-1.900.1-15.2.mga4 libjasper-devel-1.900.1-15.2.mga4 libjasper-static-devel-1.900.1-15.2.mga4 from jasper-1.900.1-15.2.mga4.src.rpm Reproducible: Steps to Reproduce:
Severity: major => critical
Procedure: https://bugs.mageia.org/show_bug.cgi?id=14729
Whiteboard: (none) => has_procedure
MGA4-64 on HP-Probook 6555b No problems installing jasper. As in Comment 1, I can open and edit a jpg file.
CC: (none) => herman.viaeneWhiteboard: has_procedure => has_procedure MGA4-64 OK
MGA4-32 on Acer D620 Works OK, same test as Comment 1
Whiteboard: has_procedure MGA4-64 OK => has_procedure MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded. Could sysadmin please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0539.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/627055/