Red Hat Security Advisory 2020-0569-01

Red Hat Security Advisory 2020-0569-01: Posted Feb 25, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-0569-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2020-8112; SHA-256 | ac8780ccf7ec8b034e2d6101dbc82ae39cb422eb9e25972542de67c83c777922; Download | Favorite | View

Red Hat Security Advisory 2020-0569-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openjpeg2 security update
Advisory ID:       RHSA-2020:0569-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0569
Issue date:        2020-02-24
CVE Names:         CVE-2020-8112 
=====================================================================

1. Summary:

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

OpenJPEG is an open source library for reading and writing image files in
JPEG2000 format.

Security Fix(es):

* openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in
openjp2/t1.c (CVE-2020-8112)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1800535 - CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
openjpeg2-2.3.0-10.el8_0.src.rpm

aarch64:
openjpeg2-2.3.0-10.el8_0.aarch64.rpm
openjpeg2-debuginfo-2.3.0-10.el8_0.aarch64.rpm
openjpeg2-debugsource-2.3.0-10.el8_0.aarch64.rpm
openjpeg2-tools-2.3.0-10.el8_0.aarch64.rpm
openjpeg2-tools-debuginfo-2.3.0-10.el8_0.aarch64.rpm

noarch:
openjpeg2-devel-docs-2.3.0-10.el8_0.noarch.rpm

ppc64le:
openjpeg2-2.3.0-10.el8_0.ppc64le.rpm
openjpeg2-debuginfo-2.3.0-10.el8_0.ppc64le.rpm
openjpeg2-debugsource-2.3.0-10.el8_0.ppc64le.rpm
openjpeg2-tools-2.3.0-10.el8_0.ppc64le.rpm
openjpeg2-tools-debuginfo-2.3.0-10.el8_0.ppc64le.rpm

s390x:
openjpeg2-2.3.0-10.el8_0.s390x.rpm
openjpeg2-debuginfo-2.3.0-10.el8_0.s390x.rpm
openjpeg2-debugsource-2.3.0-10.el8_0.s390x.rpm
openjpeg2-tools-2.3.0-10.el8_0.s390x.rpm
openjpeg2-tools-debuginfo-2.3.0-10.el8_0.s390x.rpm

x86_64:
openjpeg2-2.3.0-10.el8_0.i686.rpm
openjpeg2-2.3.0-10.el8_0.x86_64.rpm
openjpeg2-debuginfo-2.3.0-10.el8_0.i686.rpm
openjpeg2-debuginfo-2.3.0-10.el8_0.x86_64.rpm
openjpeg2-debugsource-2.3.0-10.el8_0.i686.rpm
openjpeg2-debugsource-2.3.0-10.el8_0.x86_64.rpm
openjpeg2-tools-2.3.0-10.el8_0.x86_64.rpm
openjpeg2-tools-debuginfo-2.3.0-10.el8_0.i686.rpm
openjpeg2-tools-debuginfo-2.3.0-10.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8112
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXlOYFtzjgjWX9erEAQjE0Q/8CUlsiT+7+qC7xf0DlEBfu9VVPDNQz5bV
e0m5iTvfQzLzTA9qqNOs1Tn8k00vPq89Fv/dxbiTQ8J4UvuxhUxW9B4Gp/UjJB92
KVy0gGta9qoRSBMnSXTf1faEABrQQoEo+pzCHfdt7zYzlCNEjB3Qz9j2zHMkmz8b
8bTV2R4Pxqk0HP/juZNguUPWpch/Zfm5PM5wio8cXVnzuWZMVwSsCf1OV9cbjbUm
ILE8EuWhjzku4rhTwZLWrBxBgsAPXJC/tfyLNSOzRK0uet1ycYT0vh+62cltr6T7
t6B5WLo81a7uSSN5dKttx10ElTGPoxeMSdUp/sH7EYTQ65zyGUyiwwhvzz+uaPv7
hh2foc5TIIdpb9HjNOBsYd20L35EFxkC0WVJ9HQPK9tRLr8Sp4ptPFaI71pEsuS+
c8nlgOGBtGAb67Y//N3WgowuClpj74zMw3W9oZ3YX/jY/54b4yWVWuNZ4rRD4er3
2L0r0k3oslgoglMd/tShr00TXBeH91Q/VfsR2gHlkoyE+pFKEiTnfvJH0ddconD2
zq8m68tO70FJoZ2VcgIRCs9CmewssrAAlD82O4hD4QiJ3qi1Wl2lh/zqxI4+2wYd
qjmwqmn6U+Zz939fQi/ZpW00Q0BYWLdoLxW8aU9vVqksSYXzaud9xlUTmNhfJen4
gRLeqRLkXoI=
=088F
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Red Hat Security Advisory 2020-0569-01

Red Hat Security Advisory 2020-0569-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2020-0569-01

Share This

Red Hat Security Advisory 2020-0569-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems