SUSE-SU-2017:2144-1

Published: 11 Aug 2017
Source: suse-cvrf

Description

Security update for openjpeg2

This update for openjpeg2 fixes the following issues:

  • CVE-2016-7163: Integer Overflow could lead to remote code execution (bsc#997857).

  • CVE-2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907).

Package list

SUSE Linux Enterprise Desktop 12 SP2
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12 SP3
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP2
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP3
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libopenjp2-7-2.1.0-4.3.2

Description

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2

References

Description

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2

References