Important: openjpeg security update
Date: Tue, 10 Jul 2012 09:40:19 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: FASTBUGS for SL 5x i386, x86_64 now available
The following FASTBUGS have been uploaded to
i386:
cpio-2.6-25.el5.i386.rpm
e2fsprogs-1.39-34.el5_8.1.i386.rpm
e2fsprogs-devel-1.39-34.el5_8.1.i386.rpm
e2fsprogs-libs-1.39-34.el5_8.1.i386.rpm
file-4.17-28.i386.rpm
rgmanager-2.0.52-28.el5_8.2.i386.rpm
telnet-0.17-41.el5.i386.rpm
telnet-server-0.17-41.el5.i386.rpm
uuidd-1.39-34.el5_8.1.i386.rpm
x86_64:
cpio-2.6-25.el5.x86_64.rpm
e2fsprogs-1.39-34.el5_8.1.x86_64.rpm
e2fsprogs-devel-1.39-34.el5_8.1.i386.rpm
e2fsprogs-devel-1.39-34.el5_8.1.x86_64.rpm
e2fsprogs-libs-1.39-34.el5_8.1.i386.rpm
e2fsprogs-libs-1.39-34.el5_8.1.x86_64.rpm
file-4.17-28.x86_64.rpm
rgmanager-2.0.52-28.el5_8.2.x86_64.rpm
telnet-0.17-41.el5.x86_64.rpm
telnet-server-0.17-41.el5.x86_64.rpm
uuidd-1.39-34.el5_8.1.x86_64.rpm
Date: Wed, 11 Jul 2012 14:51:57 -0500
Sender: Security Errata for Scientific Linux
From: Patrick Riehecky
Subject: Security ERRATA Important: openjpeg on SL6.x i386/x86_64
Synopsis: Important: openjpeg security update
Issue Date: 2012-07-11
CVE Numbers: CVE-2009-5030
             CVE-2012-3358

OpenJPEG is an open source library for reading and writing image files in
JPEG 2000 format.

An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image tile
header. A remote attacker could provide a specially-crafted image file
that, when decoded using an application linked against OpenJPEG, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-3358)

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from
input images that have certain color depths. A remote attacker could
provide a specially-crafted image file that, when opened in an application
linked against OpenJPEG (such as image_to_j2k), would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2009-5030)

Users of OpenJPEG should upgrade to these updated packages, which contain
patches to correct these issues. All running applications using OpenJPEG
must be restarted for the update to take effect.

SL6:
i386
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
x86_64
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm
- Scientific Linux Development Team
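
The advisory's last instruction, that running applications using OpenJPEG must be restarted, can be checked on a host after the update. The script below is an added example, not part of the original announcement; the function names are hypothetical, and the sample /proc tree, PIDs and library paths are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the advisory): after the openjpeg update, list the
# processes that still have the replaced library mapped. Once the package
# manager swaps the file on disk, /proc/PID/maps marks the old copy "(deleted)".

# stale_openjpeg_procs [PROC_ROOT]
# Prints "PID PATH" for each process mapping a deleted libopenjpeg object.
# The body runs in a subshell so its variables stay local.
stale_openjpeg_procs() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unreadable, or glob did not match
        hit=$(awk '$NF == "(deleted)" && $(NF-1) ~ "/libopenjpeg[^/]*[.]so[^/]*$" {
                       print $(NF-1); exit }' "$maps" 2>/dev/null)
        [ -n "$hit" ] || continue
        pid="${maps%/maps}"
        printf '%s %s\n' "${pid##*/}" "$hit"
    done
)

# make_constructed_proc DIR
# Builds a small fake /proc tree. All PIDs, addresses and paths are constructed.
make_constructed_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    # 101: loaded libopenjpeg before the update (old inode, now unlinked)
    printf '%s\n' \
      '7f10a0000000-7f10a0021000 r-xp 00000000 fd:00 1311 /usr/lib64/libopenjpeg.so.2.1.3.0 (deleted)' \
      '7f10a0400000-7f10a0421000 rw-p 00000000 00:00 0' > "$1/101/maps"
    # 202: restarted after the update, maps the current file
    printf '%s\n' \
      '7f20b0000000-7f20b0021000 r-xp 00000000 fd:00 1422 /usr/lib64/libopenjpeg.so.2.1.3.0' > "$1/202/maps"
    # 303: stale mapping of an unrelated library, must not be reported
    printf '%s\n' \
      '7f30c0000000-7f30c0010000 r-xp 00000000 fd:00 1533 /usr/lib64/libexample.so.1 (deleted)' > "$1/303/maps"
}

# Demo on the constructed tree. On a real host, run as root:
#   stale_openjpeg_procs /proc
demo_root=$(mktemp -d)
make_constructed_proc "$demo_root"
stale_openjpeg_procs "$demo_root"
rm -rf "$demo_root"
```

Any PID it prints belongs to a process that loaded the library before the update and is still running the unpatched code until it is restarted.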