seeing is believing

Mandriva Linux Security Advisory 2014-008

Mandriva Linux Security Advisory 2014-008
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-008 - Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash. .

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6053, CVE-2013-6887
MD5 | ceee679d3cbd42e94617266c6ca5d152

Mandriva Linux Security Advisory 2014-008

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:008
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openjpeg
Date : January 17, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated openjpeg package fixes security vulnerabilities:

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An
attacker could create a specially crafted OpenJPEG image that,
when opened, could cause an application using openjpeg to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application (CVE-2013-6045).

Multiple denial of service flaws were found in OpenJPEG. An attacker
could create a specially crafted OpenJPEG image that, when opened,
could cause an application using openjpeg to crash (CVE-2013-1447,
CVE-2013-6052, CVE-2013-6053, CVE-2013-6887).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6887
http://advisories.mageia.org/MGASA-2014-0005.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
7c65bf19916467995c79153037836a3b mbs1/x86_64/lib64openjpeg1-1.5.0-2.2.mbs1.x86_64.rpm
f8e50deb18fd88c562e1bd8182ea1a24 mbs1/x86_64/lib64openjpeg-devel-1.5.0-2.2.mbs1.x86_64.rpm
8b946672728f9f76a285f927dddc0197 mbs1/x86_64/openjpeg-1.5.0-2.2.mbs1.x86_64.rpm
28d5b8097c427a1f50d0363241a34e6b mbs1/SRPMS/openjpeg-1.5.0-2.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS2P+YmqjQ0CJFipgRAjdWAKDAw3trdO1yQMauPGYTZdR3o7SnrQCgok7r
Ctu3agQ11HVzeJ71xY8Qo/8=
=ogxG
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close