
openSUSE Leap 42.3 Security Update: Important Opencv Buffer Overflow Fix

opensuse
May 28, 2018
Important security enhancement for OpenCV on openSUSE addressing several vulnerabilities. Ensure your system is protected with the newest updates.
An update that fixes 5 vulnerabilities is now available.

Description

This update for opencv fixes the following issues:

- CVE-2018-5268: Fixed a heap-based buffer overflow in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. (boo#1075017)

- CVE-2017-17760: Fixed a buffer overflow in function cv::PxMDecoder::readData (boo#1074313)

- CVE-2017-18009: Fixed a heap-based buffer over-read in function cv::HdrDecoder::checkSignature (boo#1074312)

- CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check the input length, which could lead to out-of-bounds writes and crashes (boo#1074487)

- CVE-2018-5269: Fixed an assertion failure in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast (bsc#1075019).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-534=1

Package List

- openSUSE Leap 42.3 (x86_64):

libopencv-qt56_3-3.1.0-4.11.1

libopencv-qt56_3-debuginfo-3.1.0-4.11.1

libopencv3_1-3.1.0-4.11.1

libopencv3_1-debuginfo-3.1.0-4.11.1

opencv-3.1.0-4.11.1

opencv-debuginfo-3.1.0-4.11.1

opencv-debugsource-3.1.0-4.11.1

opencv-devel-3.1.0-4.11.1

opencv-doc-3.1.0-4.11.1

opencv-qt5-3.1.0-4.11.1

opencv-qt5-debuginfo-3.1.0-4.11.1

opencv-qt5-debugsource-3.1.0-4.11.1

opencv-qt5-devel-3.1.0-4.11.1

opencv-qt5-doc-3.1.0-4.11.1

python-opencv-3.1.0-4.11.1

python-opencv-debuginfo-3.1.0-4.11.1

python-opencv-qt5-3.1.0-4.11.1

python-opencv-qt5-debuginfo-3.1.0-4.11.1

python3-opencv-3.1.0-4.11.1

python3-opencv-debuginfo-3.1.0-4.11.1

python3-opencv-qt5-3.1.0-4.11.1

python3-opencv-qt5-debuginfo-3.1.0-4.11.1

References

https://www.suse.com/security/cve/CVE-2017-1000450.html

https://www.suse.com/security/cve/CVE-2017-17760.html

https://www.suse.com/security/cve/CVE-2017-18009.html

https://www.suse.com/security/cve/CVE-2018-5268.html

https://www.suse.com/security/cve/CVE-2018-5269.html

https://bugzilla.suse.com/1074312

https://bugzilla.suse.com/1074313

https://bugzilla.suse.com/1074487

https://bugzilla.suse.com/1075017

https://bugzilla.suse.com/1075019

--


Announcement ID: openSUSE-SU-2018:1438-1
Rating: important
Affected Products: openSUSE Leap 42.3
