SUSE-SU-2022:1479-1

Details

This update for jasper fixes the following issues:

CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757).
CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798).
CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104).
CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105).

Affected Packages

jasper

SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Module for Desktop Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

2.0.14-150000.3.25.1

libjasper4

SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Real Time 15 SP2openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

2.0.14-150000.3.25.1

libjasper-devel

SUSE Linux Enterprise Module for Desktop Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

2.0.14-150000.3.25.1

libjasper4-32bit

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

2.0.14-150000.3.25.1

References

REPORT

https://bugzilla.suse.com/1182104

REPORT

https://bugzilla.suse.com/1182105

REPORT

https://bugzilla.suse.com/1184757

REPORT

https://bugzilla.suse.com/1184798

WEB

https://www.suse.com/security/cve/CVE-2021-26926

WEB

https://www.suse.com/security/cve/CVE-2021-26927

WEB

https://www.suse.com/security/cve/CVE-2021-3443

WEB

https://www.suse.com/security/cve/CVE-2021-3467

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20221479-1/