RHSA-2022:7645: Red Hat Security Advisory: openjpeg2 security update

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
Red Hat Security Data

Issued: 2022-11-08

Updated: 2022-11-08

RHSA-2022:7645 - Security Advisory

Synopsis

Low: openjpeg2 security update

Type/Severity

Security Advisory: Low

Topic

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

  • openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2067052 - CVE-2022-1122 openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

openjpeg2-2.4.0-5.el8.src.rpm

x86_64

openjpeg2-2.4.0-5.el8.i686.rpm

openjpeg2-2.4.0-5.el8.x86_64.rpm

openjpeg2-debuginfo-2.4.0-5.el8.i686.rpm

openjpeg2-debuginfo-2.4.0-5.el8.x86_64.rpm

openjpeg2-debugsource-2.4.0-5.el8.i686.rpm

openjpeg2-debugsource-2.4.0-5.el8.x86_64.rpm

openjpeg2-devel-docs-2.4.0-5.el8.noarch.rpm

openjpeg2-tools-2.4.0-5.el8.x86_64.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.i686.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

openjpeg2-2.4.0-5.el8.src.rpm

s390x

openjpeg2-2.4.0-5.el8.s390x.rpm

openjpeg2-debuginfo-2.4.0-5.el8.s390x.rpm

openjpeg2-debugsource-2.4.0-5.el8.s390x.rpm

openjpeg2-devel-docs-2.4.0-5.el8.noarch.rpm

openjpeg2-tools-2.4.0-5.el8.s390x.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

openjpeg2-2.4.0-5.el8.src.rpm

ppc64le

openjpeg2-2.4.0-5.el8.ppc64le.rpm

openjpeg2-debuginfo-2.4.0-5.el8.ppc64le.rpm

openjpeg2-debugsource-2.4.0-5.el8.ppc64le.rpm

openjpeg2-devel-docs-2.4.0-5.el8.noarch.rpm

openjpeg2-tools-2.4.0-5.el8.ppc64le.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

openjpeg2-2.4.0-5.el8.src.rpm

aarch64

openjpeg2-2.4.0-5.el8.aarch64.rpm

openjpeg2-debuginfo-2.4.0-5.el8.aarch64.rpm

openjpeg2-debugsource-2.4.0-5.el8.aarch64.rpm

openjpeg2-devel-docs-2.4.0-5.el8.noarch.rpm

openjpeg2-tools-2.4.0-5.el8.aarch64.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

openjpeg2-debuginfo-2.4.0-5.el8.i686.rpm

openjpeg2-debuginfo-2.4.0-5.el8.x86_64.rpm

openjpeg2-debugsource-2.4.0-5.el8.i686.rpm

openjpeg2-debugsource-2.4.0-5.el8.x86_64.rpm

openjpeg2-devel-2.4.0-5.el8.i686.rpm

openjpeg2-devel-2.4.0-5.el8.x86_64.rpm

openjpeg2-tools-2.4.0-5.el8.i686.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.i686.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

openjpeg2-debuginfo-2.4.0-5.el8.ppc64le.rpm

openjpeg2-debugsource-2.4.0-5.el8.ppc64le.rpm

openjpeg2-devel-2.4.0-5.el8.ppc64le.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

openjpeg2-debuginfo-2.4.0-5.el8.aarch64.rpm

openjpeg2-debugsource-2.4.0-5.el8.aarch64.rpm

openjpeg2-devel-2.4.0-5.el8.aarch64.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM

s390x

openjpeg2-debuginfo-2.4.0-5.el8.s390x.rpm

openjpeg2-debugsource-2.4.0-5.el8.s390x.rpm

openjpeg2-devel-2.4.0-5.el8.s390x.rpm

openjpeg2-tools-debuginfo-2.4.0-5.el8.s390x.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-8207-01

Red Hat Security Advisory 2022-8207-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

RHSA-2022:8207: Red Hat Security Advisory: openjpeg2 security update

An update for openjpeg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

Red Hat Security Advisory 2022-7645-01

Red Hat Security Advisory 2022-7645-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Gentoo Linux Security Advisory 202209-04

Gentoo Linux Security Advisory 202209-4 - Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution. Versions less than 2.5.0 are affected.

CVE-2022-1122: Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c,that will cause a segfault · Issue #1368 · uclouvain/openjpeg

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.