Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Fedora 32: FEDORA-2020-d32853a28d Critical: Openjpeg2 Buffer Overflow

fedora
Calendar Grey January 14, 2021
Dist Fedora Esm H88
Essential security update for Fedora 32's openjpeg2 resolves various buffer overflow vulnerabilities to bolster system protection.
This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

Summary

The OpenJPEG library is an open-source JPEG 2000 library developed in order to

promote the use of JPEG 2000.

This package contains

* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1

compliance).

* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple

component transforms for multispectral and hyperspectral imagery)

This update backports patches for CVE-2020-27841, CVE-2020-27842,

CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for

CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.

* Thu Dec 17 2020 Sandro Mani - 2.3.1-10

* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

* Thu Dec 10 2020 Sandro Mani - 2.3.1-9

* Backport patches for CVE-2020-27824 and CVE-2020-27823

* Sat Nov 28 2020 Sandro Mani - 2.3.1-8

- Backport patch for CVE-2020-27814

* Tue Jul 28 2020 Fedora Release Engineering - 2.3.1-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[ 1 ] Bug #1902000 - CVE-2020-27814 openjpeg2: openjpeg: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1902000

[ 2 ] Bug #1902001 - CVE-2020-27814 mingw-openjpeg2: openjpeg: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1902001

[ 3 ] Bug #1905725 - CVE-2020-27824 openjpeg2: openjpeg: global-buffer-overflow read in lib-openjp2 [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1905725

[ 4 ] Bug #1906220 - CVE-2020-27823 openjpeg2: openjpeg: Heap-buffer-overflow write in lib-openjp2 [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1906220

[ 5 ] Bug #1907674 - CVE-2020-27841 openjpeg2: openjpeg: heap-based buffer overflows in lib/openjp2/pi.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907674

[ 6 ] Bug #1907675 - CVE-2020-27841 mingw-openjpeg2: openjpeg: heap-based buffer overflows in lib/openjp2/pi.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907675

[ 7 ] Bug #1907681 - CVE-2020-27842 openjpeg2: openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907681

[ 8 ] Bug #1907682 - CVE-2020-27842 mingw-openjpeg2: openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907682

[ 9 ] Bug #1907686 - CVE-2020-27843 openjpeg2: openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907686

[ 10 ] Bug #1907688 - CVE-2020-27843 mingw-openjpeg2: openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907688

[ 11 ] Bug #1907702 - CVE-2020-27845 openjpeg2: openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907702

[ 12 ] Bug #1907703 - CVE-2020-27845 mingw-openjpeg2: openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1907703

su -c 'dnf upgrade --advisory FEDORA-2020-d32853a28d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 32
Version: 2.3.1
Release: 10.fc32
Summary: C-Library for JPEG 2000

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.