openjpeg-1.3-8.AXS4

エラータID: AXSA:2012-758:01

Release date: 
Monday, August 20, 2012 - 20:24
Subject: 
openjpeg-1.3-8.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group (JPEG).

Security issues fixed with this release:

CVE-2009-5030
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

CVE-2012-3358
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Solution: 

Update packages.

CVEs: 
CVE-2009-5030
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."
CVE-2012-3358
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Additional Info: 

N/A

Download: 

SRPMS
  1. openjpeg-1.3-8.AXS4.src.rpm
    MD5: fd651cc00852a894d524f55a8be9aab4
    SHA-256: 3602539fb123c144545c6ab94f57b71a1859ad2d511f2b8c8a904df12e15ea07
    Size: 0.98 MB

Asianux Server 4 for x86
  1. openjpeg-libs-1.3-8.AXS4.i686.rpm
    MD5: 73d7dccf07b020caff3d9e8db9bd84d8
    SHA-256: 15885697b8b78d6d1a3efca7b02406071b547a6af2171a7b47e8ea6b738b1b1e
    Size: 58.10 kB

Asianux Server 4 for x86_64
  1. openjpeg-libs-1.3-8.AXS4.x86_64.rpm
    MD5: 594e0097bc382240a64839c033601406
    SHA-256: 2e4dbecdeab5dfc6f8411e1e29be58ac7db50f4f474c83c4562cd8d117cf8229
    Size: 57.85 kB
  2. openjpeg-libs-1.3-8.AXS4.i686.rpm
    MD5: 73d7dccf07b020caff3d9e8db9bd84d8
    SHA-256: 15885697b8b78d6d1a3efca7b02406071b547a6af2171a7b47e8ea6b738b1b1e
    Size: 58.10 kB