openjpeg2-2.4.0-5.el8

エラータID: AXSA:2022-4149:01

Release date: 
Friday, November 25, 2022 - 08:35
Subject: 
openjpeg2-2.4.0-5.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.7 Release Notes linked from the References section.

CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. openjpeg2-2.4.0-5.el8.src.rpm
    MD5: e7e8b6acab9a33e0aae4de71f471c84c
    SHA-256: ed2347a8d8a9ac527ceb652a7b19856706b6b0f979550b3751ada6cae1af7c56
    Size: 2.15 MB

Asianux Server 8 for x86_64
  1. openjpeg2-2.4.0-5.el8.x86_64.rpm
    MD5: 967cf8335e03e361b4e9ea4eeb060ced
    SHA-256: 3dc8fa332ee50c9e4216c6e2c1f9ef931a835db940e39d74a83cc91f0a2c8759
    Size: 163.96 kB
  2. openjpeg2-devel-2.4.0-5.el8.x86_64.rpm
    MD5: 49852af877b2f6532fdcd5e8a591e446
    SHA-256: d4938e7b6ea20dd757183e6d82bfa7b1a8df1b2f2b7791e7f9fb5622206be0a1
    Size: 29.82 kB
  3. openjpeg2-devel-docs-2.4.0-5.el8.noarch.rpm
    MD5: 862b02762ae2dc0a06e97eae60a64e9d
    SHA-256: 35cde3edc2bbb775a58169f4e0e9eede3c0640bd3c04460d5842f4ad8e8ba9ee
    Size: 866.74 kB
  4. openjpeg2-tools-2.4.0-5.el8.x86_64.rpm
    MD5: b9c2561880a7ccc1d4283ff638b39e1a
    SHA-256: aea9d40dd40d1f43cc756c9157efc0a6d2bd72dbbe7a37b553f5eca2da1f6040
    Size: 100.98 kB
  5. openjpeg2-2.4.0-5.el8.i686.rpm
    MD5: 36ea5441f4faa70702b97f6554c6fed5
    SHA-256: e3584718467f15bcba63cad1820477dcd1dc346a81761277684699747e701697
    Size: 175.74 kB
  6. openjpeg2-devel-2.4.0-5.el8.i686.rpm
    MD5: 6bbfda6d19ff149aad6f13dacbdaded1
    SHA-256: 32937106ba72e0a891a1770dbcaee15097d2edd29651bb854fbe6aaddae24853
    Size: 29.84 kB
  7. openjpeg2-tools-2.4.0-5.el8.i686.rpm
    MD5: 01117945a2daa726f75b208299a6181d
    SHA-256: 81dfa3fcf2e4ce9994b91f1613834f2ea63503ede20cfc65cede01795eab2e43
    Size: 103.24 kB