Test ID: 1.3.6.1.4.1.25623.1.0.882686
Category: CentOS Local Security Checks
Title: CentOS Update for openjpeg CESA-2017:0838 centos7
Summary: Check the version of openjpeg
Description:
Summary:
Check the version of openjpeg

Vulnerability Insight:
OpenJPEG is an open source library for
reading and writing image files in JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in OpenJPEG. A specially crafted JPEG2000 image could cause an
application using OpenJPEG to crash or, potentially, execute arbitrary
code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* An out-of-bounds read vulnerability was found in OpenJPEG, in the
j2k_to_image tool. Converting a specially crafted JPEG2000 file to another
format could cause the application to crash or, potentially, disclose some
data from the heap. (CVE-2016-9573)

* A heap-based buffer overflow vulnerability was found in OpenJPEG. A
specially crafted JPEG2000 image, when read by an application using
OpenJPEG, could cause the application to crash or, potentially, execute
arbitrary code. (CVE-2016-9675)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red
Hat Product Security).

Affected Software/OS:
openjpeg on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5139
BugTraq ID: 92276
http://www.securityfocus.com/bid/92276
Debian Security Information: DSA-3645
http://www.debian.org/security/2016/dsa-3645
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/
https://security.gentoo.org/glsa/201610-09
https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html
RedHat Security Advisories: RHSA-2016:1580
http://rhn.redhat.com/errata/RHSA-2016-1580.html
RedHat Security Advisories: RHSA-2017:0559
http://rhn.redhat.com/errata/RHSA-2017-0559.html
RedHat Security Advisories: RHSA-2017:0838
http://rhn.redhat.com/errata/RHSA-2017-0838.html
http://www.securitytracker.com/id/1036547
SuSE Security Announcement: openSUSE-SU-2016:1982
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
SuSE Security Announcement: openSUSE-SU-2016:1983
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5158
BugTraq ID: 92717
http://www.securityfocus.com/bid/92717
Debian Security Information: DSA-3660
http://www.debian.org/security/2016/dsa-3660
RedHat Security Advisories: RHSA-2016:1854
http://rhn.redhat.com/errata/RHSA-2016-1854.html
http://www.securitytracker.com/id/1036729
SuSE Security Announcement: SUSE-SU-2016:2251
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
SuSE Security Announcement: openSUSE-SU-2016:2250
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
SuSE Security Announcement: openSUSE-SU-2016:2296
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
SuSE Security Announcement: openSUSE-SU-2016:2349
http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5159
Debian Security Information: DSA-3768
http://www.debian.org/security/2017/dsa-3768
Common Vulnerability Exposure (CVE) ID: CVE-2016-7163
BugTraq ID: 92897
http://www.securityfocus.com/bid/92897
Debian Security Information: DSA-3665
http://www.debian.org/security/2016/dsa-3665
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/
http://www.openwall.com/lists/oss-security/2016/09/08/3
http://www.openwall.com/lists/oss-security/2016/09/08/6
Common Vulnerability Exposure (CVE) ID: CVE-2016-9573
BugTraq ID: 97073
http://www.securityfocus.com/bid/97073
Debian Security Information: DSA-3768
https://www.debian.org/security/2017/dsa-3768
GLSA-201710-26
https://security.gentoo.org/glsa/201710-26
RedHat Security Advisories: RHSA-2017:0838
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
https://github.com/uclouvain/openjpeg/issues/862
Common Vulnerability Exposure (CVE) ID: CVE-2016-9675
BugTraq ID: 94589
http://www.securityfocus.com/bid/94589
http://www.openwall.com/lists/oss-security/2016/11/29/7
Common Vulnerability Exposure (CVE) ID: CVE-2013-6045
BugTraq ID: 64109
http://www.securityfocus.com/bid/64109
Debian Security Information: DSA-2808
http://www.debian.org/security/2013/dsa-2808
http://seclists.org/oss-sec/2013/q4/412
http://osvdb.org/100636
http://osvdb.org/100637
http://osvdb.org/100638
http://osvdb.org/100641
http://osvdb.org/100646
RedHat Security Advisories: RHSA-2013:1850
http://rhn.redhat.com/errata/RHSA-2013-1850.html
Copyright: Copyright (C) 2017 Greenbone AG
