openSUSE: 2018:1385-1 Important: OpenCV Security Flaws Fixed
opensuse
May 23, 2018
An update that fixes 15 vulnerabilities is now available.
Description
This update for opencv fixes the following issues:
Security issues fixed:
- CVE-2016-1516: OpenCV had a double free issue that allowed attackers to
execute arbitrary code. (boo#1033152)
- CVE-2017-14136: OpenCV had an out-of-bounds write error in the function
FillColorRow1 in utils.cpp when reading an image file by using
cv::imread. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2017-12597. (boo#1057146)
- CVE-2017-12606: OpenCV had an out-of-bounds write error in the function
FillColorRow4 in utils.cpp when reading an image file by using
cv::imread. (boo#1052451)
- CVE-2017-12604: OpenCV had an out-of-bounds write error in the
FillUniColor function in utils.cpp when reading an image file by using
cv::imread. (boo#1052454)
- CVE-2017-12603: OpenCV had an invalid write in the
cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp
when reading an image file by using...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-492=1
Package List
- openSUSE Leap 42.3 (x86_64):
libopencv-qt56_3-3.1.0-4.6.1
libopencv-qt56_3-debuginfo-3.1.0-4.6.1
libopencv3_1-3.1.0-4.6.1
libopencv3_1-debuginfo-3.1.0-4.6.1
opencv-3.1.0-4.6.1
opencv-debuginfo-3.1.0-4.6.1
opencv-debugsource-3.1.0-4.6.1
opencv-devel-3.1.0-4.6.1
opencv-doc-3.1.0-4.6.1
opencv-qt5-3.1.0-4.6.1
opencv-qt5-debuginfo-3.1.0-4.6.1
opencv-qt5-debugsource-3.1.0-4.6.1
opencv-qt5-devel-3.1.0-4.6.1
opencv-qt5-doc-3.1.0-4.6.1
python-opencv-3.1.0-4.6.1
python-opencv-debuginfo-3.1.0-4.6.1
python-opencv-qt5-3.1.0-4.6.1
python-opencv-qt5-debuginfo-3.1.0-4.6.1
python3-opencv-3.1.0-4.6.1
python3-opencv-debuginfo-3.1.0-4.6.1
python3-opencv-qt5-3.1.0-4.6.1
python3-opencv-qt5-debuginfo-3.1.0-4.6.1
References
https://www.suse.com/security/cve/CVE-2016-1516.html
https://www.suse.com/security/cve/CVE-2017-12597.html
https://www.suse.com/security/cve/CVE-2017-12598.html
https://www.suse.com/security/cve/CVE-2017-12599.html
https://www.suse.com/security/cve/CVE-2017-12600.html
https://www.suse.com/security/cve/CVE-2017-12601.html
https://www.suse.com/security/cve/CVE-2017-12602.html
https://www.suse.com/security/cve/CVE-2017-12603.html
https://www.suse.com/security/cve/CVE-2017-12604.html
https://www.suse.com/security/cve/CVE-2017-12605.html
https://www.suse.com/security/cve/CVE-2017-12606.html
https://www.suse.com/security/cve/CVE-2017-12862.html
https://www.suse.com/security/cve/CVE-2017-12863.html
https://www.suse.com/security/cve/CVE-2017-12864.html
https://www.suse.com/security/cve/CVE-2017-14136.html
https://bugzilla.suse.com/1033152
https://bugzilla.suse.com/1052451
https://bugzilla.suse.com/1052454
https://bugzilla.suse.com/1052455
https://bugzilla.suse.com/1052456
https://bugzilla.suse.com/1052457
https://...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2018:1385-1
Rating: important
Affected Products:
openSUSE Leap 42.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!