Package name
openjpeg
Date
2014-01-17
Advisory ID
MDVSA-2014:008
Affected versions
MBS1 x86_64

Problem description

Updated openjpeg package fixes security vulnerabilities:

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An
attacker could create a specially crafted OpenJPEG image that,
when opened, could cause an application using openjpeg to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application (CVE-2013-6045).

Multiple denial of service flaws were found in OpenJPEG. An attacker
could create a specially crafted OpenJPEG image that, when opened,
could cause an application using openjpeg to crash (CVE-2013-1447,
CVE-2013-6052, CVE-2013-6053, CVE-2013-6887).

Updated packages

MBS1 x86_64

 7c65bf19916467995c79153037836a3b  mbs1/x86_64/lib64openjpeg1-1.5.0-2.2.mbs1.x86_64.rpm
 f8e50deb18fd88c562e1bd8182ea1a24  mbs1/x86_64/lib64openjpeg-devel-1.5.0-2.2.mbs1.x86_64.rpm
 8b946672728f9f76a285f927dddc0197  mbs1/x86_64/openjpeg-1.5.0-2.2.mbs1.x86_64.rpm 
 28d5b8097c427a1f50d0363241a34e6b  mbs1/SRPMS/openjpeg-1.5.0-2.2.mbs1.src.rpm

References