Security update for openjpeg2
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:2144-1
Final
1
1
2017-08-11T14:58:50Z
current
2017-08-11T14:58:50Z
2017-08-11T14:58:50Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for openjpeg2 fixes the following issues:
- CVE-2016-7163: Integer overflow could lead to remote code execution (bsc#997857).
- CVE-2015-8871: Use-after-free in the opj_j2k_write_mco function could lead to denial of service (bsc#979907).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP2-2017-1325,SUSE-SLE-DESKTOP-12-SP3-2017-1325,SUSE-SLE-RPI-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP3-2017-1325
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20172144-1/
Link for SUSE-SU-2017:2144-1
https://lists.suse.com/pipermail/sle-security-updates/2017-August/003133.html
E-Mail link for SUSE-SU-2017:2144-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/979907
SUSE Bug 979907
https://bugzilla.suse.com/997857
SUSE Bug 997857
https://www.suse.com/security/cve/CVE-2015-8871/
SUSE CVE CVE-2015-8871 page
https://www.suse.com/security/cve/CVE-2016-7163/
SUSE CVE CVE-2016-7163 page
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libopenjp2-7-2.1.0-4.3.2
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Desktop 12 SP3
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Server 12 SP2
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Server 12 SP3
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
libopenjp2-7-2.1.0-4.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8871
SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2
important
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20172144-1/
https://www.suse.com/security/cve/CVE-2015-8871.html
CVE-2015-8871
https://bugzilla.suse.com/1007739
SUSE Bug 1007739
https://bugzilla.suse.com/1007744
SUSE Bug 1007744
https://bugzilla.suse.com/979907
SUSE Bug 979907
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVE-2016-7163
SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2
important
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20172144-1/
https://www.suse.com/security/cve/CVE-2016-7163.html
CVE-2016-7163
https://bugzilla.suse.com/1007739
SUSE Bug 1007739
https://bugzilla.suse.com/1007744
SUSE Bug 1007744
https://bugzilla.suse.com/997857
SUSE Bug 997857