Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 17 Dec 2013 19:35:52 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: openjpeg on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: openjpeg security update Advisory ID: SLSA-2013:1850-1 Issue Date: 2013-12-17 CVE Numbers: CVE-2013-6052 CVE-2013-6045 CVE-2013-6054 CVE-2013-1447 -- Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6045, CVE-2013-6054) Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash (CVE-2013-1447, CVE-2013-6052) All running applications using OpenJPEG must be restarted for the update to take effect. -- SL6 x86_64 openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.x86_64.rpm openjpeg-1.3-10.el6_5.x86_64.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.x86_64.rpm i386 openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm - Scientific Linux Development Team