
Ubuntu 16.04 LTS: USN-4497-1 Critical OpenJPEG Security Issues

September 15, 2020
Multiple security vulnerabilities in OpenJPEG were fixed in Ubuntu 16.04 LTS. They could lead to denial of service or, potentially, arbitrary code execution.

Summary

Several security issues were fixed in OpenJPEG.

Software Description:

- openjpeg2: Open-source JPEG 2000 codec written in C language

Details:

It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-9112)

It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. (CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389)

It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-12973)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libopenjp2-7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp2-tools                2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d-tools               2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-dec-server          2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-server              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-viewer              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip7                    2.1.2-1.1+deb9u5build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4497-1

Severity
critical
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
