Upstream has issued an advisory on January 21:
http://www.ocert.org/advisories/ocert-2015-001.html

RedHat has issued an advisory for this on January 22:
https://rhn.redhat.com/errata/RHSA-2015-0074.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://www.ocert.org/advisories/ocert-2015-001.html
https://rhn.redhat.com/errata/RHSA-2015-0074.html
========================

Updated packages in core/updates_testing:
========================
jasper-1.900.1-15.3.mga4
libjasper1-1.900.1-15.3.mga4
libjasper-devel-1.900.1-15.3.mga4
libjasper-static-devel-1.900.1-15.3.mga4

from jasper-1.900.1-15.3.mga4.src.rpm

Reproducible:

Steps to Reproduce:
Testing procedure in: https://bugs.mageia.org/show_bug.cgi?id=14729
Whiteboard: (none) => has_procedure
Testing on Mageia4x64 real hardware, following procedure mentioned in Comment 1

From:
jasper-1.900.1-15.2.mga4
lib64jasper1-1.900.1-15.2.mga4

To:
jasper-1.900.1-15.3.mga4
lib64jasper1-1.900.1-15.3.mga4

Could in both instances open, edit, transform, save jpeg files through Imagemagick.

OK on Mageia4x64
CC: (none) => olchal
Whiteboard: has_procedure => has_procedure MGA4-64-OK
Testing complete mga4 32
Whiteboard: has_procedure MGA4-64-OK => has_procedure mga4-32-ok MGA4-64-OK
Validating. Advisory uploaded.

Please push to 4 updates

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok MGA4-64-OK => has_procedure advisory mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0038.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED