Bug 3644 - New openjpeg vulnerabilities
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: Private ROSA Bugs
: Private ROSA Bugs
Depends on:
Blocks:
Reported: 2014-01-19 10:23 MSK by Zombie Ryushu
Modified: 2015-07-15 19:11 MSD

See Also:
RPM Package: openjpeg
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
denis.silakov: published+


Description Zombie Ryushu 2014-01-19 10:23:04 MSK
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An
attacker could create a specially crafted OpenJPEG image that,
when opened, could cause an application using openjpeg to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application (CVE-2013-6045).

Multiple denial of service flaws were found in OpenJPEG. An attacker
could create a specially crafted OpenJPEG image that, when opened,
could cause an application using openjpeg to crash (CVE-2013-1447,
CVE-2013-6052, CVE-2013-6053, CVE-2013-6887).
Comment 1 Stanislav Fomin 2015-03-06 19:35:19 MSK
Need retesting before releasing Enterprise X2.
Comment 2 Denis Silakov 2015-07-10 01:18:52 MSD
Advisory:
Updated openjpeg to version 1.5.2 with a set of security patches. This version is 100% backward compatible with 1.5.1 which we have now (http://upstream.rosalinux.ru/versions/openjpeg.html) and only contains different bug fixes.

Build lists:
https://abf.rosalinux.ru/build_lists/2519934
https://abf.rosalinux.ru/build_lists/2519935
Comment 3 Vladimir Potapov 2015-07-14 20:55:53 MSD
The update is sent to expanded testing
****************************************
Comment 4 Vladimir Potapov 2015-07-15 18:52:54 MSD
openjpeg-1.5.2-1
https://abf.rosalinux.ru/build_lists/2519934
https://abf.rosalinux.ru/build_lists/2519935
******************************* Advisory ******************************
Updated openjpeg to version 1.5.2 with a set of security patches. This version is 100% backward compatible with 1.5.1 which we have now (http://upstream.rosalinux.ru/versions/openjpeg.html) and only contains different bug fixes.
***********************************************************************
QA Verified