Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 34: FEDORA-2021-d246g672ab Severe: Libxyz Integer Overflow

fedora
Calendar Grey June 11, 2021
Dist Fedora Esm H88
The latest Fedora release for openjpeg2 resolves a significant buffer overflow vulnerability and introduces suggested patches for systems impacted by CVE-2021-29338.
Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

Summary

The OpenJPEG library is an open-source JPEG 2000 library developed in order to

promote the use of JPEG 2000.

This package contains

* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1

compliance).

* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple

component transforms for multispectral and hyperspectral imagery)

Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

* Thu May 27 2021 Sandro Mani - 2.3.1-11

- Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616)

[ 1 ] Bug #1950103 - CVE-2021-29338 mingw-openjpeg2: openjpeg2: out-of-bounds write due to an integer overflow in opj_compress.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1950103

[ 2 ] Bug #1950105 - CVE-2021-29338 openjpeg2: out-of-bounds write due to an integer overflow in opj_compress.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1950105

[ 3 ] Bug #1957618 - CVE-2021-3575 openjpeg2: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1957618

su -c 'dnf upgrade --advisory FEDORA-2021-e145f477df' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora critical patches heap buffer overflow openjpeg2

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 2.3.1
Release: 11.fc33
URL: https://github.com/uclouvain/openjpeg
Summary: C-Library for JPEG 2000

Topics%20covered

Topics Covered

security advisory fedora critical patches heap buffer overflow openjpeg2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here