Bug 725758 - VUL-0: jasper: multiple buffer overflows
Summary: VUL-0: jasper: multiple buffer overflows
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Deadline: 2011-12-02
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:44469 maint:...
Keywords: DSLA_REQUIRED
Depends on:
Blocks:
 
Reported: 2011-10-21 12:18 UTC by Matthias Weckbecker
Modified: 2016-01-24 18:12 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2011-11-25 12:01:09 UTC 
The SWAMPID for this issue is 44355.
This issue was rated as important.
Please submit fixed packages until 2011-12-02.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Ludwig Nussel 2011-12-06 09:39:35 UTC 
CVE-2011-4516 and CVE-2011-4517
Comment 15 Swamp Workflow Management 2011-12-09 18:14:31 UTC 
Update released for: jasper, libjasper, libjasper-devel
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 16 Swamp Workflow Management 2011-12-12 18:05:18 UTC 
Update released for: jasper, libjasper
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 17 Swamp Workflow Management 2011-12-12 18:05:25 UTC 
Update released for: jasper, jasper-debuginfo, libjasper, libjasper-32bit
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 18 Ludwig Nussel 2011-12-13 10:39:34 UTC 
openSUSE?
Comment 19 Bernhard Wiedemann 2011-12-13 15:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (725758) was mentioned in
https://build.opensuse.org/request/show/96476 Evergreen:11.1 / jasper
https://build.opensuse.org/request/show/96478 Evergreen:11.2 / jasper
Comment 20 Ludwig Nussel 2011-12-14 10:25:30 UTC 
anyone want to provide fixes for 11.3-12.1 too?
Comment 21 Bernhard Wiedemann 2011-12-14 12:00:28 UTC 
This is an autogenerated message for OBS integration:
This bug (725758) was mentioned in
https://build.opensuse.org/request/show/96579 12.1 / jasper
https://build.opensuse.org/request/show/96580 11.4 / jasper
https://build.opensuse.org/request/show/96581 11.3 / jasper
Comment 22 Ludwig Nussel 2011-12-14 13:45:27 UTC 
Thanks!
Comment 23 Swamp Workflow Management 2011-12-14 15:07:08 UTC 
Update released for: jasper, jasper-debuginfo, libjasper, libjasper-32bit
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 24 Ludwig Nussel 2011-12-16 08:47:45 UTC 
released
Comment 25 Swamp Workflow Management 2011-12-16 08:48:42 UTC 
Update released for: jasper, jasper-debuginfo, jasper-debugsource, libjasper, libjasper-debuginfo, libjasper-devel, libjasper1, libjasper1-debuginfo
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 26 Swamp Workflow Management 2011-12-28 15:00:15 UTC 
Update released for: jasper, jasper-debuginfo, jasper-debugsource, libjasper, libjasper-debuginfo, libjasper-devel, libjasper1, libjasper1-debuginfo
Products:
openSUSE 11.3 (debug, i586, x86_64)
Comment 27 Sascha Weber 2015-08-10 09:42:38 UTC 
We would need a PTF for customer HUAWEI for SLES 10 SP2 for CVE-2011-4516:

L3#43599 has been created:
Account Name: HUAWEI TECHNOLOGIES CO LTD
Domain: @huawei.com
SR#10964692391
Comment 28 Swamp Workflow Management 2016-01-24 18:12:43 UTC 
openSUSE-SU-2016:0217-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (low)
Bug References: 725758,830803,881716,961886
CVE References: CVE-2014-8138,CVE-2016-1867
Sources used:
openSUSE 13.1 (src):    jasper-1.900.1-160.16.1