FSA/F7/FEDORA-2007-0005

[SECURITY] Fedora 7 Update: jasper-1.900.1-2.fc7
Fedora Update Notification FEDORA-2007-0007 (Corrected) None

Name       : jasper Product    : Fedora 7 Version    : 1.900.1 Release    : 2.fc7 Summary    : Implementation of the JPEG-2000 standard, Part 1 Description : This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats.

Update Information:

This update addresses an issue where the jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.

ChangeLog:

- CVE-2007-2721 (#240397)
 * Wed May 23 2007 Rex Dieter  1.900.1-2

References:

Bug #240397 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397 CVE-2007-2721 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721

Updated packages:

d1ad33ddc37ab768ed6680048be8d6ff298c5193 jasper-debuginfo-1.900.1-2.fc7.ppc64.rpm 487a2d7359e9bda009d1cb90e12d9a94b4bb8455 jasper-devel-1.900.1-2.fc7.ppc64.rpm b848fcedda02f79acc2ad2a50d058ee43a274651 jasper-1.900.1-2.fc7.ppc64.rpm 3efe94050c58f766413f0c8981e33d9b49ed7a83 jasper-devel-1.900.1-2.fc7.i386.rpm 7dbffd09354793d414153b58525d50edc63efe9f jasper-1.900.1-2.fc7.i386.rpm 8800f678c0f0e59617b5406026f9ea024c74d59a jasper-debuginfo-1.900.1-2.fc7.i386.rpm e062a97af5434d7f6fdc43ae78468b810e79363a jasper-debuginfo-1.900.1-2.fc7.x86_64.rpm 661da74b51d29d66f1aa9e7a0cab5e9d00e387f2 jasper-devel-1.900.1-2.fc7.x86_64.rpm 28b3c4972e4fe4ff559508f275baf44afa737fe3 jasper-1.900.1-2.fc7.x86_64.rpm 2fd896cac056c8213ccc8316645357bfbe31fefa jasper-debuginfo-1.900.1-2.fc7.ppc.rpm 379381c938132c783da4f20fd32fcd67d6c02f81 jasper-1.900.1-2.fc7.ppc.rpm 24c1f280a11268e0297a2440898bf5e4637dfcea jasper-devel-1.900.1-2.fc7.ppc.rpm b51f9c6f957de49b24964c90f3da385d6379164a jasper-1.900.1-2.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.