openjpeg2-2.3.1-2.el7

エラータID: AXSA:2020-4445:02

Release date: 
Tuesday, February 11, 2020 - 12:12
Subject: 
openjpeg2-2.3.1-2.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor() (CVE-2020-6851)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-6851
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.

Solution: 

Update packages.

CVEs: 
CVE-2020-6851
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Additional Info: 

N/A

Download: 

SRPMS
  1. openjpeg2-2.3.1-2.el7.src.rpm
    MD5: 850fc07283440e35a4898f3d53fd21b8
    SHA-256: c01edb703793b6cee7eb4098a19570b10617569ebe87673014f3d4f2deb68f1d
    Size: 2.12 MB

Asianux Server 7 for x86_64
  1. openjpeg2-2.3.1-2.el7.x86_64.rpm
    MD5: 9e6871dc4d3961e1f083de49a46cd95c
    SHA-256: 0ad68fe6414dfb58063d70e8336f04a799e277198c086ab4228e3029a924e659
    Size: 151.85 kB
  2. openjpeg2-2.3.1-2.el7.i686.rpm
    MD5: 3da361506add84f33c26ed1943a4cace
    SHA-256: 594290bfea99f3a78a198329bf00e4b9f13572e2621774649cdfcdf770f5bb12
    Size: 153.09 kB