Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-3521

Published: 2 October 2008

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.

Notes

AuthorNote
kees
opened with O_EXCL
mdeslaur
ghostscript jasper already uses appropriate temp filename

Priority

Negligible

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable
(uses system jasper)
oneiric Not vulnerable
(uses system jasper)
upstream Needs triage

jasper
Launchpad, Ubuntu, Debian
dapper
Released (1.701.0-2ubuntu0.6.06.1)
feisty Ignored
(end of life, was needed)
gutsy
Released (1.900.1-3ubuntu0.7.10.1)
hardy
Released (1.900.1-3ubuntu0.8.04.1)
intrepid
Released (1.900.1-5ubuntu0.1)
lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

upstream
Released (1.900.1-5.1)
Patches:
vendor: http://patch-tracking.debian.net/patch/series/view/jasper/1.900.1-5.1/02_security.dpatch