You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openjpeg2

Sigurnosni nedostaci programskog paketa openjpeg2

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4109-1
August 21, 2019

openjpeg2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJPEG.

Software Description:
– openjpeg2: JPEG 2000 image compression/decompression library

Details:

It was discovered that OpenJPEG incorrectly handled certain PGX files. An
attacker could possibly use this issue to cause a denial of service or possibly
remote code execution. (CVE-2017-17480)

It was discovered that OpenJPEG incorrectly handled certain files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2018-14423)

It was discovered that OpenJPEG incorrectly handled certain PNM files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-18088)

It was discovered that OpenJPEG incorrectly handled certain BMP files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-5785, CVE-2018-6616)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libopenjp2-7 2.3.0-2build0.18.04.1
libopenjp3d7 2.3.0-2build0.18.04.1
libopenjpip7 2.3.0-2build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4109-1
CVE-2017-17480, CVE-2018-14423, CVE-2018-18088, CVE-2018-5785,
CVE-2018-6616

Package Information:
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.0-2build0.18.04.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl1dhaIACgkQkGeI6zGn
N/93yQ//a+gtxaNvVShph/JhmS/7RAkn/zpwPxZXQPTSx+q+WdLOQiLxg1CYPiyL
mxw2XZOTYalD5I5Z5j7ZtzF1Uvyg5HDg18vW0uL9h8xIMnmx+JrXNXJVmX43OZLC
U5mIig24fvYSt0yZpIa1p4pzVg8hgunkyLv5BoKxw5FHrKqB7Bh5gmmj2FHNmDsW
46iQeobLSC5jdK63EXvLVDdlxFjZ0dfCjoVpQKtTkQAMkNuBzCemz25wPEwFvDd8
QElLjKDwmYZpUaNZZoCBjAMxmSdooSvv2cv4woOBsdAnMHKnI3wqwT/1CfjvbfAx
6HDA8upodzsXmNz3vcj1YpeFBEcLE7xUatcsYzVprBA1qV8XfjiYPk0Hpy2N4FXf
TFaUmovNS4GgyYl9ovctQpSIZugQ0OoD10vPFZHCPRdk4A/CZTxVlL1IEJjomPFm
kf5KgjjVPTqzjrvoL8uTmBGREEb8H6Ek8ImK/HkI3uxozk0992VM3fhQfq1YL2EL
VvjdSQhfczbaOjcjYO3ixg09/MZZQGz9/XAMZHB2VTAyxExWAi4zyPIgP3tQXbbh
ITEPcChnW8Crq9oSvboxxGQ5lHhbhbHup1D8XZc7/nw+VSSGPfXcULnVyo7PGzSX
qdzv9+2RaahjKM7/g+ZbU5PUM5jO14RqMZW1cvNbTtJlUEG+mDI=
=cmEt
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libzstd

Otkriven je sigurnosni nedostatak programske biblioteke libzstd za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja ili...

Close