Test ID:	1.3.6.1.4.1.25623.1.0.702629
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2629-1)
Summary:	The remote host is missing an update for the Debian 'openjpeg' package(s) announced via the DSA-2629-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openjpeg' package(s) announced via the DSA-2629-1 advisory. Vulnerability Insight: CVE-2009-5030 Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358 Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535 Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images. For the stable distribution (squeeze), these problems have been fixed in version 1.3+dfsg-4+squeeze1. For the testing (wheezy) and unstable (sid) distributions, these problems have been fixed in version 1.3+dfsg-4.6. We recommend that you upgrade your openjpeg packages. Affected Software/OS: 'openjpeg' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5030 48781 http://secunia.com/advisories/48781 49913 http://secunia.com/advisories/49913 53012 http://www.securityfocus.com/bid/53012 FEDORA-2012-9602 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html FEDORA-2012-9628 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html MDVSA-2012:104 http://www.mandriva.com/security/advisories?name=MDVSA-2012:104 RHSA-2012:1068 http://rhn.redhat.com/errata/RHSA-2012-1068.html [oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg http://www.openwall.com/lists/oss-security/2012/04/13/5 http://code.google.com/p/openjpeg/issues/detail?id=5 http://code.google.com/p/openjpeg/source/detail?r=1703 https://groups.google.com/forum/#%21topic/openjpeg/DLVrRKbTeI0/discussion openjpeg-tcdfreeencode-code-execution(74851) https://exchange.xforce.ibmcloud.com/vulnerabilities/74851 Common Vulnerability Exposure (CVE) ID: CVE-2012-3358 54373 http://www.securityfocus.com/bid/54373 83741 http://osvdb.org/83741 [oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files http://www.openwall.com/lists/oss-security/2012/07/11/1 http://code.google.com/p/openjpeg/source/detail?r=1727 openjpeg-jpeg2000-bo(76850) https://exchange.xforce.ibmcloud.com/vulnerabilities/76850 Common Vulnerability Exposure (CVE) ID: CVE-2012-3535 50360 http://secunia.com/advisories/50360 50681 http://secunia.com/advisories/50681 55214 http://www.securityfocus.com/bid/55214 84978 http://osvdb.org/84978 FEDORA-2012-14664 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090021.html FEDORA-2012-14707 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090579.html MDVSA-2012:157 http://www.mandriva.com/security/advisories?name=MDVSA-2012:157 RHSA-2012:1283 http://rhn.redhat.com/errata/RHSA-2012-1283.html [oss-security] 20120827 CVE Request: Heap-based buffer overflow in openjpeg http://www.openwall.com/lists/oss-security/2012/08/27/2 [oss-security] 20120827 Re: CVE Request: Heap-based buffer overflow in openjpeg http://www.openwall.com/lists/oss-security/2012/08/27/3 http://code.google.com/p/openjpeg/issues/detail?id=170 https://bugzilla.redhat.com/show_bug.cgi?id=842918 openjpeg-files-bo(77994) https://exchange.xforce.ibmcloud.com/vulnerabilities/77994
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.