author | Lev Lamberov <dogsleg@debian.org> | 2019-03-10 21:52:05 +0500 |
---|---|---|
committer | Lev Lamberov <dogsleg@debian.org> | 2019-03-10 21:52:05 +0500 |
commit | da347ceee9cca800740ef75deed5e600ef8e2b1d (patch) | |
tree | abc4056bb5f019196e084a862c3c8be052cb3205 | |
parent | a5726aa58cd6d9e866f59a4ab4c652d7e380ee87 (diff) |
[SECURITY] [DSA 4405-1] openjpeg2 security update
-rw-r--r-- | english/security/2019/dsa-4405.data | 13 |
-rw-r--r-- | english/security/2019/dsa-4405.wml | 50 |
2 files changed, 63 insertions, 0 deletions
diff --git a/english/security/2019/dsa-4405.data b/english/security/2019/dsa-4405.data new file mode 100644 index 00000000000..2bce3bd3eae --- /dev/null +++ b/english/security/2019/dsa-4405.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-4405-1 openjpeg2</define-tag> +<define-tag report_date>2019-3-10</define-tag> +<define-tag secrefs>CVE-2017-17480 CVE-2018-5785 CVE-2018-6616 CVE-2018-14423 CVE-2018-18088 Bug#884738 Bug#888533 Bug#889683 Bug#904873 Bug#910763</define-tag> +<define-tag packages>openjpeg2</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2019/dsa-4405.wml b/english/security/2019/dsa-4405.wml new file mode 100644 index 00000000000..dead95a4861 --- /dev/null +++ b/english/security/2019/dsa-4405.wml 
@@ -0,0 +1,50 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Multiple vulnerabilities have been discovered in openjpeg2, the +open-source JPEG 2000 codec, that could be leveraged to cause a denial +of service or possibly remote code execution.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17480">CVE-2017-17480</a> + + <p>Write stack buffer overflow in the jp3d and jpwl codecs can result + in a denial of service or remote code execution via a crafted jp3d + or jpwl file.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5785">CVE-2018-5785</a> + + <p>Integer overflow can result in a denial of service via a crafted bmp + file.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6616">CVE-2018-6616</a> + + <p>Excessive iteration can result in a denial of service via a crafted + bmp file.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-14423">CVE-2018-14423</a> + + <p>Division-by-zero vulnerabilities can result in a denial of service via + a crafted j2k file.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-18088">CVE-2018-18088</a> + + <p>Null pointer dereference can result in a denial of service via a + crafted bmp file.</p></li> + +</ul> + +<p>For the stable distribution (stretch), these problems have been fixed in +version 2.1.2-1.1+deb9u3.</p> + +<p>We recommend that you upgrade your openjpeg2 packages.</p> + +<p>For the detailed security status of openjpeg2 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/openjpeg2">\ +https://security-tracker.debian.org/tracker/openjpeg2</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2019/dsa-4405.data" +# $Id: $ |
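Review bot: in english/security/2019/dsa-4405.data the last added line is a bare `</dl>` with no opening `<dl>` anywhere in the 13 added lines. If the matching open tag comes from the `wml::debian::security` template pulled in by the `#use` line just above it, a one-line comment saying so would stop the file from reading as malformed markup; if it does not, the tag should be dropped. A smaller point in the same file: `report_date` is written `2019-3-10` without zero padding, so it is worth confirming that whatever sorts or parses these dates accepts that form.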
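Review bot: in english/security/2019/dsa-4405.wml the CVE-2017-17480 entry opens with "Write stack buffer overflow", which is hard to parse on first read; "Stack buffer overflow (write)" or "Stack-based buffer overflow on write" says the same thing without the ambiguity. The closing `# $Id: $` line is an unexpanded keyword placeholder in a file that is added through a git diff, so it carries no information and could be removed unless the build still expects it. The text names a fixed version only for stable (stretch); if other suites are deliberately left out, that is fine, but it is worth a sentence in the commit message.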