SUSE-SU-2022:1296-1

Description

Security update for openjpeg This update for openjpeg fixes the following issues: - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2020-8112: Fixed a heap buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed a use-after-free if a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed a heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457), - CVE-2021-29338: Fixed an integer Overflow allows remote attackers to crash the application (bsc#1184774).

Affected Systems

• opensuse•openjpeg&distro=openSUSE Leap 15.3

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Enterprise Storage 6

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Enterprise Storage 7

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP3

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Real Time 15 SP2

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server 15 SP1-BCL

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server 15 SP1-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server 15 SP2-BCL

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server 15 SP2-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server 15-LTSS

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server for SAP Applications 15

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP1

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Manager Proxy 4.1

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Manager Retail Branch Server 4.1

  < 1.5.2-150000.4.5.1

• suse•openjpeg&distro=SUSE Manager Server 4.1

  < 1.5.2-150000.4.5.1

References (13)

• https://www.suse.com/support/update/announcement/2022/suse-su-20221296-1/
• https://bugzilla.suse.com/1102016
• https://bugzilla.suse.com/1106881
• https://bugzilla.suse.com/1162090
• https://bugzilla.suse.com/1173578
• https://bugzilla.suse.com/1180457
• https://bugzilla.suse.com/1184774
• https://www.suse.com/security/cve/CVE-2018-14423
• https://www.suse.com/security/cve/CVE-2018-16376
• https://www.suse.com/security/cve/CVE-2020-15389
• https://www.suse.com/security/cve/CVE-2020-27823
• https://www.suse.com/security/cve/CVE-2020-8112
• https://www.suse.com/security/cve/CVE-2021-29338