
openSUSE 13.2: SU-2017:0185-1 Important: openjpeg2 Heap Overflow Fix

January 17, 2017
Crucial openSUSE patch for openjpeg2 resolves 13 vulnerabilities to boost system security and reliability. Update immediately!
An update that fixes 13 vulnerabilities is now available

Description

This update for openjpeg2 fixes the following issues:

* CVE-2016-9572, CVE-2016-9573: Insufficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]

* CVE-2016-9580, CVE-2016-9581: Possible heap buffer overflow via integer overflow and infinite loop [bsc#1014975]

* CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]

* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]

* CVE-2016-9112: FPE (Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]

* CVE-2016-9113: NULL pointer dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]

* CVE-2016-9114: NULL pointer access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]

* CVE-2016-9115: Heap buffer overflow in function imagetotga of convert.c(jp2) [bsc#1007741]

* CVE-2016-9116: NULL Pointer Access in...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2017-108=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

libopenjp2-7-2.1.0-2.3.1

libopenjp2-7-debuginfo-2.1.0-2.3.1

openjpeg2-2.1.0-2.3.1

openjpeg2-debuginfo-2.1.0-2.3.1

openjpeg2-debugsource-2.1.0-2.3.1

openjpeg2-devel-2.1.0-2.3.1
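
To confirm that a host actually carries the fixed release from the package list above, the following added example (not part of the advisory or of openSUSE tooling) audits an rpm inventory against `2.1.0-2.3.1`. The function names, the choice of the three non-debug packages, and the sample inventory are assumptions made for illustration; `sort -V` is used as an approximation of rpm's version comparison.

```shell
#!/bin/sh
# Fixed version-release taken from the advisory's package list.
FIXED_EVR="2.1.0-2.3.1"
# Non-debug packages from that list.
ADVISORY_PKGS="libopenjp2-7 openjpeg2 openjpeg2-devel"

# evr_at_least A B: succeed when version-release A >= B.
# Assumption: `sort -V` ordering stands in for rpm's own comparison,
# which is adequate for plain dotted numeric strings like these.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_inventory: read "name version-release" lines on stdin, print
# "OK ..." or "VULNERABLE ..." for each advisory package, and return 1
# if any of them is older than FIXED_EVR. Other lines are ignored,
# including rpm's "package X is not installed" messages.
audit_inventory() {
    rc=0
    while read -r name evr rest; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK $name $evr"
        else
            echo "VULNERABLE $name $evr"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not real host data): one patched
# package, one at a made-up older release, one unrelated package.
sample_inventory() {
    printf '%s\n' \
        "libopenjp2-7 2.1.0-2.3.1" \
        "openjpeg2 2.1.0-2.1.2" \
        "zlib 1.2.8-5.1"
}

# On a real host:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $ADVISORY_PKGS | audit_inventory
```

A non-zero exit status means at least one listed package is still below the fixed release and the patch has not been applied.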

References

https://www.suse.com/security/cve/CVE-2016-7445.html

https://www.suse.com/security/cve/CVE-2016-8332.html

https://www.suse.com/security/cve/CVE-2016-9112.html

https://www.suse.com/security/cve/CVE-2016-9113.html

https://www.suse.com/security/cve/CVE-2016-9114.html

https://www.suse.com/security/cve/CVE-2016-9115.html

https://www.suse.com/security/cve/CVE-2016-9116.html

https://www.suse.com/security/cve/CVE-2016-9117.html

https://www.suse.com/security/cve/CVE-2016-9118.html

https://www.suse.com/security/cve/CVE-2016-9572.html

https://www.suse.com/security/cve/CVE-2016-9573.html

https://www.suse.com/security/cve/CVE-2016-9580.html

https://www.suse.com/security/cve/CVE-2016-9581.html

https://bugzilla.suse.com/1002414

https://bugzilla.suse.com/1007739

https://bugzilla.suse.com/1007740

https://bugzilla.suse.com/1007741

https://bugzilla.suse.com/1007742

https://bugzilla.suse.com/1007743

https://bugzilla.suse.com/1007744

https://bugzilla.suse.com/1007747

https://bugzilla.suse.com/1014543

https://bugzilla.suse.com/1...


Severity
important

Announcement ID: openSUSE-SU-2017:0185-1
Rating: important
Affected Products: openSUSE 13.2.
