Upstream has issued an advisory on January 21:
Red Hat has issued an advisory for this on January 22:
Patched packages uploaded for Mageia 4 and Cauldron.
Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).

Updated packages in core/updates_testing:
Steps to Reproduce:
Testing procedure in:
Testing on Mageia4x64 real hardware, following procedure mentioned in Comment 1
Could in both instances open, edit, transform, save JPEG files through ImageMagick.
OK on Mageia4x64
Testing complete mga4 32
has_procedure MGA4-64-OK =>
has_procedure mga4-32-ok MGA4-64-OK
Validating. Advisory uploaded.
Please push to 4 updates
has_procedure mga4-32-ok MGA4-64-OK =>
has_procedure advisory mga4-32-ok MGA4-64-OK
An update for this issue has been pushed to Mageia Updates repository.