Oval Definition:oval:org.opensuse.security:def:101587
Revision Date:2022-04-19Version:1
Title:Security update for openjpeg2 (Important)
Description:

This update for openjpeg2 fixes the following issues:

- CVE-2018-5727: Fixed integer overflow vulnerability in theopj_t1_encode_cblks function (bsc#1076314). - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function (bsc#1076967). - CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci (bsc#1140130). - CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
Family:unixClass:patch
Status:Reference(s):1076314
1076967
1079845
1102016
1106881
1106882
1140130
1155094
1160782
1162090
1173578
1174091
1174571
1174701
1177211
1178009
1179193
1179630
1180457
1184774
1197738
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-20845
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2019-16935
CVE-2019-18348
CVE-2019-20907
CVE-2019-5010
CVE-2020-14422
CVE-2020-15389
CVE-2020-26116
CVE-2020-27619
CVE-2020-27823
CVE-2020-6851
CVE-2020-8112
CVE-2020-8492
CVE-2021-29338
CVE-2022-1122
SUSE-SU-2020:3930-1
SUSE-SU-2022:1252-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND python3-tools-3.6.12-3.67.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • libopenjp2-7-2.3.0-150000.3.5.1 is installed
  • OR openjpeg2-2.3.0-150000.3.5.1 is installed
  • OR openjpeg2-devel-2.3.0-150000.3.5.1 is installed
    • BACK