RHSA-2022:7645: Red Hat Security Advisory: openjpeg2 security update
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
Issued:
2022-11-08
Updated:
2022-11-08
Synopsis
Low: openjpeg2 security update
Type/Severity
Security Advisory: Low
Topic
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Security Fix(es):
- openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2067052 - CVE-2022-1122 openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
openjpeg2-2.4.0-5.el8.src.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
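The defect class described above (a shared cleanup path calling free() on a pointer that was never initialized because an earlier allocation failed) is shown below in its hardened form. This is an added illustration, not OpenJPEG's or Red Hat's code; `dir_list`, `dir_list_new`, `alloc_fn`, `failing_alloc` and `SLOT_LEN` are hypothetical names, and the allocator hook exists only so the failure path can be exercised.

```c
#include <stdint.h>
#include <stdlib.h>

#define SLOT_LEN 4096            /* assumed fixed size of one filename slot */

typedef struct {
    char  *name_buf;             /* one block holding every filename */
    char **names;                /* names[i] points into name_buf */
} dir_list;

typedef void *(*alloc_fn)(size_t);   /* hypothetical hook to inject failure */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Shared cleanup. It is only safe if every member is either NULL or a live
 * allocation. Had the struct come from malloc(), d->names would be
 * indeterminate when the name_buf allocation fails, and this function
 * would hand garbage to free(): the crash pattern described above. */
static void dir_list_free(dir_list *d)
{
    if (!d) return;
    free(d->names);              /* free(NULL) is a defined no-op */
    free(d->name_buf);
    free(d);
}

static dir_list *dir_list_new(size_t num_files, alloc_fn alloc)
{
    dir_list *d = calloc(1, sizeof *d);      /* all pointers start as NULL */
    if (!d) return NULL;
    /* Reject sizes whose byte count would wrap before asking for memory. */
    if (num_files == 0 || num_files > SIZE_MAX / SLOT_LEN) goto fail;
    d->name_buf = alloc(num_files * SLOT_LEN);
    if (!d->name_buf) goto fail;             /* d->names is still NULL here */
    d->names = alloc(num_files * sizeof *d->names);
    if (!d->names) goto fail;
    for (size_t i = 0; i < num_files; i++)
        d->names[i] = d->name_buf + i * SLOT_LEN;
    return d;
fail:
    dir_list_free(d);
    return NULL;
}

int main(void)
{
    dir_list *d = dir_list_new(3, malloc);
    int ok = d != NULL && dir_list_new(3, failing_alloc) == NULL;
    dir_list_free(d);
    return ok ? 0 : 1;
}
```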