[jasper/el4] CVE-2011-4516, CVE-2011-4517 (CERT VU#887409, #765661)
Jiří Popelka
jpopelka at fedoraproject.org
Fri Dec 9 14:32:32 UTC 2011
commit cc0b1e6c6a22bff162771af5acabd10a2e154256
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Fri Dec 9 15:30:29 2011 +0100
CVE-2011-4516, CVE-2011-4517 (CERT VU#887409, #765661)
...VE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch | 23 ++++++++++++++++++++
jasper.spec | 11 ++++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch b/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
new file mode 100644
index 0000000..f753080
--- /dev/null
+++ b/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
@@ -0,0 +1,23 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 2011-10-25 17:25:39.000000000 +0200
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-10-25 17:29:14.379371908 +0200
+@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ return -1;
+ }
+ compparms->numrlvls = compparms->numdlvls + 1;
++ if (compparms->numrlvls > JPC_MAXRLVLS) {
++ jpc_cox_destroycompparms(compparms);
++ return -1;
++ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms
+ jpc_crgcomp_t *comp;
+ uint_fast16_t compno;
+ crg->numcomps = cstate->numcomps;
+- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
++ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
+ return -1;
+ }
+ for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
diff --git a/jasper.spec b/jasper.spec
index 9a46f26..614c0e1 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Group: System Environment/Libraries
Version: 1.900.1
-Release: 13%{?dist}
+Release: 14%{?dist}
License: JasPer
URL: http://www.ece.uvic.ca/~mdadams/jasper/
@@ -29,6 +29,10 @@ Patch5: jasper-1.900.1-CVE-2008-3520.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
Patch6: jasper-1.900.1-CVE-2008-3522.patch
+# CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
+# lead to arbitrary code execution (CERT VU#887409) (#765661)
+Patch7: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
+
BuildRequires: automake
BuildRequires: libjpeg-devel
BuildRequires: freeglut-devel
@@ -74,6 +78,7 @@ Requires: %{name} = %{version}-%{release}
%patch4 -p1 -b .jpc_dec_assertion
%patch5 -p1 -b .CVE-2008-3520
%patch6 -p1 -b .CVE-2008-3522
+%patch7 -p1 -b .CVE-2011-4516-4517
%build
@@ -135,6 +140,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Dec 09 2011 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-14
+- CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
+ lead to arbitrary code execution (CERT VU#887409) (#765661)
+
* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
- CVE-2008-3522 jasper: possible buffer overflow in
More information about the scm-commits
mailing list