Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2017.1095
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2017-1095)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2017-1095 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2017-1095 advisory. Vulnerability Insight: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Affected Software/OS: 'jasper' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5203 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/ https://security.gentoo.org/glsa/201707-07 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html http://www.openwall.com/lists/oss-security/2015/08/16/2 RedHat Security Advisories: RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208 SuSE Security Announcement: openSUSE-SU-2016:2722 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:2737 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:2833 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html https://usn.ubuntu.com/3693-1/ Common Vulnerability Exposure (CVE) ID: CVE-2015-5221 http://www.openwall.com/lists/oss-security/2015/08/20/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-1577 BugTraq ID: 84133 http://www.securityfocus.com/bid/84133 Debian Security Information: DSA-3508 (Google Search) http://www.debian.org/security/2016/dsa-3508 http://www.openwall.com/lists/oss-security/2016/03/03/12 http://www.ubuntu.com/usn/USN-2919-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1867 BugTraq ID: 81488 http://www.securityfocus.com/bid/81488 Debian Security Information: DSA-3785 (Google Search) http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/01/13/2 http://www.openwall.com/lists/oss-security/2016/01/13/6 Common Vulnerability Exposure (CVE) ID: CVE-2016-2089 BugTraq ID: 83108 http://www.securityfocus.com/bid/83108 http://www.openwall.com/lists/oss-security/2016/01/28/6 http://www.openwall.com/lists/oss-security/2016/01/28/4 SuSE Security Announcement: openSUSE-SU-2016:0408 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html SuSE Security Announcement: openSUSE-SU-2016:0413 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2116 Common Vulnerability Exposure (CVE) ID: CVE-2016-8654 BugTraq ID: 94583 http://www.securityfocus.com/bid/94583 https://www.debian.org/security/2017/dsa-3785 Common Vulnerability Exposure (CVE) ID: CVE-2016-8690 BugTraq ID: 93590 http://www.securityfocus.com/bid/93590 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/ http://www.openwall.com/lists/oss-security/2016/08/23/6 http://www.openwall.com/lists/oss-security/2016/10/16/14 Common Vulnerability Exposure (CVE) ID: CVE-2016-8691 BugTraq ID: 93593 http://www.securityfocus.com/bid/93593 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/ https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/ Common Vulnerability Exposure (CVE) ID: CVE-2016-8692 BugTraq ID: 93588 http://www.securityfocus.com/bid/93588 Common Vulnerability Exposure (CVE) ID: CVE-2016-8693 BugTraq ID: 93587 http://www.securityfocus.com/bid/93587 https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/ Common Vulnerability Exposure (CVE) ID: CVE-2016-8883 BugTraq ID: 95865 http://www.securityfocus.com/bid/95865 http://www.openwall.com/lists/oss-security/2016/10/17/1 http://www.openwall.com/lists/oss-security/2016/10/23/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-8884 BugTraq ID: 93834 http://www.securityfocus.com/bid/93834 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/ http://www.openwall.com/lists/oss-security/2016/10/23/1 http://www.openwall.com/lists/oss-security/2016/10/23/9 Common Vulnerability Exposure (CVE) ID: CVE-2016-8885 https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690 http://www.openwall.com/lists/oss-security/2016/10/23/5 Common Vulnerability Exposure (CVE) ID: CVE-2016-9262 BugTraq ID: 94224 http://www.securityfocus.com/bid/94224 https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c http://www.openwall.com/lists/oss-security/2016/11/10/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-9387 BugTraq ID: 94374 http://www.securityfocus.com/bid/94374 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure http://www.openwall.com/lists/oss-security/2016/11/17/1 Common Vulnerability Exposure (CVE) ID: CVE-2016-9388 BugTraq ID: 94371 http://www.securityfocus.com/bid/94371 Common Vulnerability Exposure (CVE) ID: CVE-2016-9389 Common Vulnerability Exposure (CVE) ID: CVE-2016-9390 Common Vulnerability Exposure (CVE) ID: CVE-2016-9391 Common Vulnerability Exposure (CVE) ID: CVE-2016-9392 BugTraq ID: 94377 http://www.securityfocus.com/bid/94377 Common Vulnerability Exposure (CVE) ID: CVE-2016-9393 Common Vulnerability Exposure (CVE) ID: CVE-2016-9394 BugTraq ID: 94372 http://www.securityfocus.com/bid/94372 Common Vulnerability Exposure (CVE) ID: CVE-2016-9560 BugTraq ID: 94428 http://www.securityfocus.com/bid/94428 https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/ https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 http://www.openwall.com/lists/oss-security/2016/11/20/1 http://www.openwall.com/lists/oss-security/2016/11/23/5 Common Vulnerability Exposure (CVE) ID: CVE-2016-9583 BugTraq ID: 94925 http://www.securityfocus.com/bid/94925 Common Vulnerability Exposure (CVE) ID: CVE-2016-9591 BugTraq ID: 94952 http://www.securityfocus.com/bid/94952 Debian Security Information: DSA-3827 (Google Search) https://www.debian.org/security/2017/dsa-3827 Common Vulnerability Exposure (CVE) ID: CVE-2016-9600
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.