Red Hat Security Advisory: rhevm-spice-client security, bug fix, and enhancement update
🔗 CVE IDs covered (9)
📋 Description
CVE-2008-3520 — jasper: multiple integer overflows in jas_alloc calls CVE-2008-3522 — jasper: possible buffer overflow in jas_stream_printf() CVE-2011-4516 — jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) CVE-2011-4517 — jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) CVE-2014-8137 — jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012) CVE-2014-8138 — jasper: heap overflow in jp2_decode() (oCERT-2014-012) CVE-2014-8157 — jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001) CVE-2014-8158 — jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001) CVE-2014-9029 — jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2015:0698
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=461476
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=461478
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=747726
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1167537
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1172126
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1173157
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1173162
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1179282
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1179298
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1187270
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0698.json