What Are You Looking For?

Sign Up
=========================================================================Ubuntu Security Notice USN-4497-1
September 15, 2020

OpenJPEG vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJPEG.

Software Description:
- openjpeg2: Open-source JPEG 2000 codec written in C language

Details:

It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9112)

It was discovered that OpenJPEG did not properly handle certain input. If
OpenJPEG were supplied with specially crafted input, it could be made to crash
or potentially execute arbitrary code.
(CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389)

It was discovered that OpenJPEG incorrectly handled certain BMP files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2019-12973)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libopenjp2-7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp2-tools                2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d-tools               2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-dec-server          2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-server              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-viewer              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip7                    2.1.2-1.1+deb9u5build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4497-1
  
Package Information:
  https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u5build0.16.04.1

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Ubuntu 4497-1: OpenJPEG vulnerabilities

September 15, 2020
Several security issues were fixed in OpenJPEG.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libopenjp2-7 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp2-tools 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp3d-tools 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp3d7 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-dec-server 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-server 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-viewer 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip7 2.1.2-1.1+deb9u5build0.16.04.1 In general, a standard system update will make all the necessary changes.

References

https://usn.ubuntu.com/4497-1

Severity
September 15, 2020

Package Information

https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u5build0.16.04.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo