View previous topic :: View next topic |
Author |
Message |
GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Oct 23, 2017 4:26 am Post subject: [ GLSA 201710-26 ] OpenJPEG |
|
|
Gentoo Linux Security Advisory
Title: OpenJPEG: Multiple vulnerabilities (GLSA 201710-26)
Severity: normal
Exploitable: remote
Date: 2017-10-23
Bug(s): #602180, #606618, #628504, #629372, #629668, #630120
ID: 201710-26
Synopsis
Multiple vulnerabilities have been found in OpenJPEG, the worst of
which may allow remote attackers to execute arbitrary code.
Background
OpenJPEG is an open-source JPEG 2000 library.
Affected Packages
Package: media-libs/openjpeg
Vulnerable: < 2.3.0
Unaffected: >= 2.3.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in OpenJPEG. Please review
the references below for details.
Impact
A remote attacker, via a crafted BMP, PDF, or j2k document, could
execute arbitrary code, cause a Denial of Service condition, or have
other unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All OpenJPEG users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.3.0:2"
|
References
CVE-2016-10504
CVE-2016-10505
CVE-2016-10506
CVE-2016-10507
CVE-2016-1626
CVE-2016-1628
CVE-2016-9112
CVE-2016-9113
CVE-2016-9114
CVE-2016-9115
CVE-2016-9116
CVE-2016-9117
CVE-2016-9118
CVE-2016-9572
CVE-2016-9573
CVE-2016-9580
CVE-2016-9581
CVE-2017-12982
CVE-2017-14039
CVE-2017-14164
Last edited by GLSA on Mon Jan 15, 2018 4:16 am; edited 1 time in total |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|