USN-3295-1: JasPer vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04

Description

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

All versions of Cloud Foundry cflinuxfs2 prior to 1.123.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.123.0 or later.

References

USN-3295-1
CVE-2016-10249
CVE-2016-10251
CVE-2016-1867
CVE-2016-2089
CVE-2016-8654
CVE-2016-8691
CVE-2016-8692
CVE-2016-8693
CVE-2016-8882
CVE-2016-9560
CVE-2016-9591
bosh.io

USN-3295-1: JasPer vulnerabilities

USN-3295-1: JasPer vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Cloud Foundry Products and Versions

Mitigation

References

You Might Also Like

USN-3606-1: LibTIFF vulnerabilities

USN-4900-1: OpenEXR vulnerabilities

USN-5537-1: MySQL vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!