BugTraq
[ MDVSA-2014:008 ] openjpeg Jan 17 2014 01:02PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:008
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openjpeg
Date : January 17, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated openjpeg package fixes security vulnerabilities:

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An
attacker could create a specially crafted OpenJPEG image that,
when opened, could cause an application using openjpeg to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application (CVE-2013-6045).

Multiple denial of service flaws were found in OpenJPEG. An attacker
could create a specially crafted OpenJPEG image that, when opened,
could cause an application using openjpeg to crash (CVE-2013-1447,
CVE-2013-6052, CVE-2013-6053, CVE-2013-6887).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6887
http://advisories.mageia.org/MGASA-2014-0005.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
7c65bf19916467995c79153037836a3b mbs1/x86_64/lib64openjpeg1-1.5.0-2.2.mbs1.x86_64.rpm
f8e50deb18fd88c562e1bd8182ea1a24 mbs1/x86_64/lib64openjpeg-devel-1.5.0-2.2.mbs1.x86_64.rpm
8b946672728f9f76a285f927dddc0197 mbs1/x86_64/openjpeg-1.5.0-2.2.mbs1.x86_64.rpm
28d5b8097c427a1f50d0363241a34e6b mbs1/SRPMS/openjpeg-1.5.0-2.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS2P+YmqjQ0CJFipgRAjdWAKDAw3trdO1yQMauPGYTZdR3o7SnrQCgok7r
Ctu3agQ11HVzeJ71xY8Qo/8=
=ogxG
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus