Amazon Linux AMI : jasper (ALAS-2017-836)

critical Nessus Plugin ID 100637

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A

specially crafted file could cause an application using JasPer to crash or,

possibly, execute arbitrary code. ( CVE-2016-8654 , CVE-2016-9560 , CVE-2016-10249 ,

CVE-2015-5203 , CVE-2015-5221 , CVE-2016-1577 , CVE-2016-8690 , CVE-2016-8693 ,

CVE-2016-8884 , CVE-2016-8885 , CVE-2016-9262 , CVE-2016-9591 )

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A

specially crafted file could cause an application using JasPer to crash.

(CVE-2016-1867 , CVE-2016-2089 , CVE-2016-2116 , CVE-2016-8691 , CVE-2016-8692 ,

CVE-2016-8883 , CVE-2016-9387 , CVE-2016-9388 , CVE-2016-9389 , CVE-2016-9390 ,

CVE-2016-9391 , CVE-2016-9392 , CVE-2016-9393 , CVE-2016-9394 , CVE-2016-9583 ,

CVE-2016-9600 , CVE-2016-10248 , CVE-2016-10251)

Solution

Run 'yum update jasper' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2017-836.html

Plugin Details

Severity: Critical

ID: 100637

File Name: ala_ALAS-2017-836.nasl

Version: 3.4

Type: local

Agent: unix

Published: 6/7/2017

Updated: 7/10/2019

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:jasper-devel, p-cpe:/a:amazon:linux:jasper-debuginfo, p-cpe:/a:amazon:linux:jasper, p-cpe:/a:amazon:linux:jasper-libs, cpe:/o:amazon:linux, p-cpe:/a:amazon:linux:jasper-utils

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 7/25/2017

Vulnerability Publication Date: 1/20/2016

Reference Information

CVE: CVE-2015-5203, CVE-2015-5221, CVE-2016-1024, CVE-2016-10251, CVE-2016-1577, CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8654, CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8883, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9583, CVE-2016-9591, CVE-2016-9600

ALAS: 2017-836

RHSA: 2017:1208