Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Critical Security Update: OpenJPEG on Scientific Linux 6.x SLSA-2013:1850-1

Scientific Large Esm H446
Important: openjpeg security update
Date: Tue, 17 Dec 2013 19:35:52 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: openjpeg on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: openjpeg security update
Advisory ID: SLSA-2013:1850-1
Issue Date: 2013-12-17
CVE Numbers: CVE-2013-6052
 CVE-2013-6045
 CVE-2013-6054
 CVE-2013-1447
--

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An
attacker could create a specially crafted OpenJPEG image that, when
opened, could cause an application using openjpeg to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-6045, CVE-2013-6054)

Multiple denial of service flaws were found in OpenJPEG. An attacker could
create a specially crafted OpenJPEG image that, when opened, could cause
an application using openjpeg to crash (CVE-2013-1447, CVE-2013-6052)

All running applications using OpenJPEG must be restarted for the update
to take effect.
--

SL6
 x86_64
 openjpeg-debuginfo-1.3-10.el6_5.i686.rpm
 openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm
 openjpeg-libs-1.3-10.el6_5.i686.rpm
 openjpeg-libs-1.3-10.el6_5.x86_64.rpm
 openjpeg-1.3-10.el6_5.x86_64.rpm
 openjpeg-devel-1.3-10.el6_5.i686.rpm
 openjpeg-devel-1.3-10.el6_5.x86_64.rpm
 i386
 openjpeg-debuginfo-1.3-10.el6_5.i686.rpm
 openjpeg-libs-1.3-10.el6_5.i686.rpm
 openjpeg-1.3-10.el6_5.i686.rpm
 openjpeg-devel-1.3-10.el6_5.i686.rpm

- Scientific Linux Development Team