ALAS-2011-029


Amazon Linux 1 Security Advisory: ALAS-2011-29
Advisory Release Date: 2011-12-12 13:45 Pacific
Advisory Updated Date: 2014-09-14 15:07 Pacific
Severity: Important

Issue Overview:

Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.


Affected Packages:

jasper


Issue Correction:
Run yum update jasper to update your system.

New Packages:
i686:
    jasper-debuginfo-1.900.1-15.5.amzn1.i686
    jasper-devel-1.900.1-15.5.amzn1.i686
    jasper-libs-1.900.1-15.5.amzn1.i686
    jasper-1.900.1-15.5.amzn1.i686
    jasper-utils-1.900.1-15.5.amzn1.i686

src:
    jasper-1.900.1-15.5.amzn1.src

x86_64:
    jasper-1.900.1-15.5.amzn1.x86_64
    jasper-utils-1.900.1-15.5.amzn1.x86_64
    jasper-debuginfo-1.900.1-15.5.amzn1.x86_64
    jasper-devel-1.900.1-15.5.amzn1.x86_64
    jasper-libs-1.900.1-15.5.amzn1.x86_64
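
To confirm that a host actually carries the fixed build after running yum update jasper, the following added example (not part of the Amazon advisory) checks `rpm -qa` style output against the fixed version-release listed above. The RPM-style comparison is reimplemented here without the tilde/caret rules, no epoch is assumed, and the sample inventory is constructed.

```python
import re

# Fixed (version, release) and package names, taken from the advisory above.
FIXED = ("1.900.1", "15.5.amzn1")
PACKAGES = {"jasper", "jasper-libs", "jasper-utils", "jasper-devel",
            "jasper-debuginfo"}

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of RPM (tilde/caret rules omitted).
    Returns -1, 0 or 1."""
    ta, tb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def parse_nvra(line):
    """Split 'name-version-release.arch'; None for lines in another shape."""
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)\.([^.-]+)", line.strip())
    return m.groups() if m else None

def unpatched(rpm_qa_lines):
    """Return installed JasPer packages older than the fixed build."""
    findings = []
    for line in rpm_qa_lines:
        parsed = parse_nvra(line)
        if not parsed or parsed[0] not in PACKAGES:
            continue
        _, version, release, _ = parsed
        if (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) < 0:
            findings.append(line.strip())
    return findings

# Constructed sample inventory (not real host output).
SAMPLE = [
    "jasper-libs-1.900.1-15.amzn1.x86_64",   # older release: needs update
    "jasper-1.900.1-15.5.amzn1.x86_64",      # exactly the fixed build
    "jasper-utils-1.900.1-16.amzn1.i686",    # newer than the fixed build
    "example-pkg-2.0-1.amzn1.noarch",        # unrelated package, ignored
    "gpg-pubkey-00000000-00000000",          # no arch suffix, skipped
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

On a live host, feed the function the lines printed by `rpm -qa 'jasper*'` instead of SAMPLE.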