OVAL Reference oval:org.opensuse.security:def:1507

Oval Definition:

oval:org.opensuse.security:def:1507

Revision Date:	2022-04-19	Version:	1
Title:	Security update for openjpeg2 (Important)
Description:	This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in theopj_t1_encode_cblks function (bsc#1076314). - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function (bsc#1076967). - CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci (bsc#1140130). - CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
Family:	unix	Class:	patch
Status:		Reference(s):	1076314 1076967 1079845 1102016 1106881 1106882 1140130 1160571 1160782 1162090 1173578 1180457 1184774 1197738 CVE-2006-4484 CVE-2015-8370 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2019-5188 CVE-2019-5188 CVE-2020-15389 CVE-2020-27823 CVE-2020-6851 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 SUSE-SU-2020:0265-1 SUSE-SU-2022:1252-1
Platform(s):	SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for CAP 15 SUSE Linux Enterprise Module for Containers 15 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Module for Realtime packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information qemu-2.0.0-40 is installed OR qemu-block-curl-2.0.0-40 is installed OR qemu-ipxe-1.0.0-40 is installed OR qemu-kvm-2.0.0-40 is installed OR qemu-seabios-1.7.4-40 is installed OR qemu-sgabios-8-40 is installed OR qemu-tools-2.0.0-40 is installed OR qemu-vgabios-1.7.4-40 is installed OR qemu-x86-2.0.0-40 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information MozillaFirefox-38.4.0esr-51 is installed OR MozillaFirefox-translations-38.4.0esr-51 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information NetworkManager-1.0.12-8 is installed OR NetworkManager-lang-1.0.12-8 is installed OR libnm-glib-vpn1-1.0.12-8 is installed OR libnm-glib4-1.0.12-8 is installed OR libnm-util2-1.0.12-8 is installed OR libnm0-1.0.12-8 is installed OR typelib-1_0-NM-1_0-1.0.12-8 is installed OR typelib-1_0-NMClient-1_0-1.0.12-8 is installed OR typelib-1_0-NetworkManager-1_0-1.0.12-8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND perl-Tk-804.034-1.44 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 is installed AND Package Information e2fsprogs-1.43.8-4.17 is installed OR e2fsprogs-devel-1.43.8-4.17 is installed OR libcom_err-devel-1.43.8-4.17 is installed OR libcom_err-devel-static-1.43.8-4.17 is installed OR libcom_err2-1.43.8-4.17 is installed OR libcom_err2-32bit-1.43.8-4.17 is installed OR libext2fs-devel-1.43.8-4.17 is installed OR libext2fs-devel-static-1.43.8-4.17 is installed OR libext2fs2-1.43.8-4.17 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information bzip2-1.0.6-5.3 is installed OR libbz2-1-1.0.6-5.3 is installed OR libbz2-1-32bit-1.0.6-5.3 is installed OR libbz2-devel-1.0.6-5.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for CAP 15 is installed AND cf-cli-6.43.0-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 is installed AND Package Information containerd-1.1.2-5.3 is installed OR docker-18.06.1_ce-6.8 is installed OR docker-bash-completion-18.06.1_ce-6.8 is installed OR docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed OR docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 SP1 is installed AND Package Information containerd-1.2.6-5.16 is installed OR docker-19.03.1_ce-6.26 is installed OR docker-bash-completion-19.03.1_ce-6.26 is installed OR docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15 is installed OR docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.21 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information exiv2-0.26-6.3 is installed OR libexiv2-26-0.26-6.3 is installed OR libexiv2-devel-0.26-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information gnome-shell-3.26.2+20180130.0d9c74212-4.19 is installed OR gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19 is installed OR gnome-shell-lang-3.26.2+20180130.0d9c74212-4.19 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 is installed AND apache-pdfbox-1.8.12-5.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed AND libopenjp2-7-32bit-2.3.0-150000.3.5.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed AND Package Information cluster-md-kmp-rt-4.12.14-14.11 is installed OR dlm-kmp-rt-4.12.14-14.11 is installed OR gfs2-kmp-rt-4.12.14-14.11 is installed OR kernel-devel-rt-4.12.14-14.11 is installed OR kernel-rt-4.12.14-14.11 is installed OR kernel-rt-base-4.12.14-14.11 is installed OR kernel-rt-devel-4.12.14-14.11 is installed OR kernel-rt_debug-4.12.14-14.11 is installed OR kernel-rt_debug-devel-4.12.14-14.11 is installed OR kernel-source-rt-4.12.14-14.11 is installed OR kernel-syms-rt-4.12.14-14.11 is installed OR ocfs2-kmp-rt-4.12.14-14.11 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND grub2-x86_64-xen-2.02-17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libXcursor1-1.1.14-3 is installed OR libXcursor1-32bit-1.1.14-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libproxy1-0.4.13-16.3 is installed OR libproxy1-32bit-0.4.13-16.3 is installed OR libproxy1-config-gnome3-0.4.13-16.6 is installed OR libproxy1-config-gnome3-32bit-0.4.13-16.6 is installed OR libproxy1-networkmanager-0.4.13-16.6 is installed OR libproxy1-pacrunner-webkit-0.4.13-16.6 is installed

BACK