openjpeg2-2.3.1-3.el8

エラータID: AXSA:2020-159:04

Release date: 
Thursday, August 27, 2020 - 05:02
Subject: 
openjpeg2-2.3.1-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

Solution: 

Update packages.

CVEs: 
CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Additional Info: 

N/A

Download: 

SRPMS
  1. openjpeg2-2.3.1-3.el8.src.rpm
    MD5: cdeb2b3397e2399aa65c686874541d0a
    SHA-256: 41c2ca461f9b41fbf2881a8dbece04d4054ae78c25ad08d18f5a98775608c9dc
    Size: 2.12 MB

Asianux Server 8 for x86_64
  1. openjpeg2-2.3.1-3.el8.x86_64.rpm
    MD5: 0c53df9ba1553ef3e240acac9270a7a9
    SHA-256: 364e5d341e81de1a1e237a4079fa2362892acebfc77090abf8581b3612de6ced
    Size: 152.61 kB
  2. openjpeg2-devel-docs-2.3.1-3.el8.noarch.rpm
    MD5: 017ed1856a14a49324518d1392ff3bee
    SHA-256: 1b5e6254d0384aeecb55718fcdf58bd75cb22e4669ee8ab2458812e55adba361
    Size: 842.81 kB
  3. openjpeg2-tools-2.3.1-3.el8.x86_64.rpm
    MD5: ef9bf6cc9566ead10981293c0de874d0
    SHA-256: a013f6c9c59617d232ca3df84e29668a89527dcff6ae160166d408f01bb254ad
    Size: 81.43 kB
  4. openjpeg2-2.3.1-3.el8.i686.rpm
    MD5: d6815d9426492b48243056dc4fef426f
    SHA-256: efff49a0e1fe1aaa4b1b2fec6a948b4b410863232633b86b2ac08f6c517a9658
    Size: 163.55 kB