FrSIRT - Fedora Security Update Fixes JasPer "jpc_qcx_getcompparms()" DoS Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes JasPer "jpc_qcx_getcompparms()" DoS Vulnerability

Title : Fedora Security Update Fixes JasPer "jpc_qcx_getcompparms()" DoS Vulnerability
Advisory ID : FrSIRT/ADV-2007-2030
CVE ID : CVE-2007-2721
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-04

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or potentially compromise an affected system [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/7/

d1ad33ddc37ab768ed6680048be8d6ff298c5193 jasper-debuginfo-1.900.1-2.fc7.ppc64.rpm
487a2d7359e9bda009d1cb90e12d9a94b4bb8455 jasper-devel-1.900.1-2.fc7.ppc64.rpm
b848fcedda02f79acc2ad2a50d058ee43a274651 jasper-1.900.1-2.fc7.ppc64.rpm
3efe94050c58f766413f0c8981e33d9b49ed7a83 jasper-devel-1.900.1-2.fc7.i386.rpm
7dbffd09354793d414153b58525d50edc63efe9f jasper-1.900.1-2.fc7.i386.rpm
8800f678c0f0e59617b5406026f9ea024c74d59a jasper-debuginfo-1.900.1-2.fc7.i386.rpm
e062a97af5434d7f6fdc43ae78468b810e79363a jasper-debuginfo-1.900.1-2.fc7.x86_64.rpm
661da74b51d29d66f1aa9e7a0cab5e9d00e387f2 jasper-devel-1.900.1-2.fc7.x86_64.rpm
28b3c4972e4fe4ff559508f275baf44afa737fe3 jasper-1.900.1-2.fc7.x86_64.rpm
2fd896cac056c8213ccc8316645357bfbe31fefa jasper-debuginfo-1.900.1-2.fc7.ppc.rpm
379381c938132c783da4f20fd32fcd67d6c02f81 jasper-1.900.1-2.fc7.ppc.rpm
24c1f280a11268e0297a2440898bf5e4637dfcea jasper-devel-1.900.1-2.fc7.ppc.rpm
b51f9c6f957de49b24964c90f3da385d6379164a jasper-1.900.1-2.fc7.src.rpm

ChangeLog

2007-06-04 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox Shortcut Handlingg Information Disclosure Vulnerability
	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability