Bug 3573 - [UPDATE REQUEST] [UPSTREAM UPDATE] openjpeg
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2014-01-13 15:11 MSK by Andrew Lukoshko
Modified: 2014-01-21 18:57 MSK

alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+

Description Andrew Lukoshko 2014-01-13 15:11:24 MSK
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6045, CVE-2013-6054)

Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash. (CVE-2013-1447, CVE-2013-6052)

http://rhn.redhat.com/errata/RHSA-2013-1850.html

https://abf.rosalinux.ru/build_lists/1513308
https://abf.rosalinux.ru/build_lists/1513309
Comment 1 Alexander Petryakov 2014-01-15 00:39:02 MSK
openjpeg-1.3-10.res6
*********************** RHEL Advisory *************************
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6045, CVE-2013-6054)

Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash. (CVE-2013-1447, CVE-2013-6052)

http://rhn.redhat.com/errata/RHSA-2013-1850.html
***************************************************************
QA Verified