Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in OpenJPEG
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in OpenJPEG
ID: USN-4497-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Di, 15. September 2020, 22:55
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15389
Applikationen: OpenJPEG

Originalnachricht

 
==========================================================================
Ubuntu Security Notice USN-4497-1
September 15, 2020

OpenJPEG vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJPEG.

Software Description:
- openjpeg2: Open-source JPEG 2000 codec written in C language

Details:

It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9112)

It was discovered that OpenJPEG did not properly handle certain input. If
OpenJPEG were supplied with specially crafted input, it could be made to crash
or potentially execute arbitrary code.
(CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389)

It was discovered that OpenJPEG incorrectly handled certain BMP files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2019-12973)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libopenjp2-7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp2-tools                2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d-tools               2.1.2-1.1+deb9u5build0.16.04.1
  libopenjp3d7                    2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-dec-server          2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-server              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip-viewer              2.1.2-1.1+deb9u5build0.16.04.1
  libopenjpip7                    2.1.2-1.1+deb9u5build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4497-1
  https://launchpad.net/bugs/XXXXXX

Package Information:
  https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u5build0.16.04.1

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung