Description:
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.
Security Fix(es):
* jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828)
* jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272)
* jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926)
* jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
jasper-libs-2.0.14-5.el8.aarch64.rpm |
3873876d5efbca83bba2cdbf37f7575beca9fbc0908f0dc4544564e1a58b1fdf |
| aarch64 |
jasper-devel-2.0.14-5.el8.aarch64.rpm |
96266e370437661ff5881fffdeb92f42908226f8ba622b792601e1a73fa76e96 |
| i686 |
jasper-libs-2.0.14-5.el8.i686.rpm |
116771f2f80d4aa712474de9347b8ba86ef04213333946837dec30f8aaa20a12 |
| i686 |
jasper-devel-2.0.14-5.el8.i686.rpm |
90542fa9ba87781c059c0348bf1323c856abae4896a2cb38119677334ac846a1 |
| ppc64le |
jasper-devel-2.0.14-5.el8.ppc64le.rpm |
0f6cf72c0fefbd2fd4089f7a5f8f62edf691df5d8da92351c8fb4755be567fa2 |
| ppc64le |
jasper-libs-2.0.14-5.el8.ppc64le.rpm |
a2cb986bc85f9fac7edfaef266b5f5f9fafe5d87f91cd71b22d30cc64dda7ded |
| x86_64 |
jasper-devel-2.0.14-5.el8.x86_64.rpm |
0a3847e660dbcc8cff51db91ecbbd14a1c1bdc415cfd1ca7714c582d7448853f |
| x86_64 |
jasper-libs-2.0.14-5.el8.x86_64.rpm |
b17cac2a91cd7f32c93f0f4f3412276ca61614caf5fddd658d9d33da38449da5 |
