RHSA-2022:8207: Red Hat Security Advisory: openjpeg2 security update
An update for openjpeg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8207 - Security Advisory
Synopsis
Low: openjpeg2 security update
Type/Severity
Security Advisory: Low
Topic
An update for openjpeg2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Security Fix(es):
- openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2067052 - CVE-2022-1122 openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
openjpeg2-2.4.0-7.el9.src.rpm
x86_64
openjpeg2-2.4.0-7.el9.i686.rpm
openjpeg2-2.4.0-7.el9.x86_64.rpm
openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm
openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm
openjpeg2-debugsource-2.4.0-7.el9.i686.rpm
openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
openjpeg2-2.4.0-7.el9.src.rpm
s390x
openjpeg2-2.4.0-7.el9.s390x.rpm
openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm
openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
openjpeg2-2.4.0-7.el9.src.rpm
ppc64le
openjpeg2-2.4.0-7.el9.ppc64le.rpm
openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm
openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
openjpeg2-2.4.0-7.el9.src.rpm
aarch64
openjpeg2-2.4.0-7.el9.aarch64.rpm
openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm
openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm
openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm
openjpeg2-debugsource-2.4.0-7.el9.i686.rpm
openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm
openjpeg2-devel-2.4.0-7.el9.i686.rpm
openjpeg2-devel-2.4.0-7.el9.x86_64.rpm
openjpeg2-tools-2.4.0-7.el9.i686.rpm
openjpeg2-tools-2.4.0-7.el9.x86_64.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm
openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm
openjpeg2-devel-2.4.0-7.el9.ppc64le.rpm
openjpeg2-tools-2.4.0-7.el9.ppc64le.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm
openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm
openjpeg2-devel-2.4.0-7.el9.aarch64.rpm
openjpeg2-tools-2.4.0-7.el9.aarch64.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm
openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm
openjpeg2-devel-2.4.0-7.el9.s390x.rpm
openjpeg2-tools-2.4.0-7.el9.s390x.rpm
openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 7083-1 - It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that OpenJPEG incorrectly handled decompressing certain .j2k files in sycc420_to_rgb, leading to a heap-based buffer overflow vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.
OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...
Red Hat Security Advisory 2022-8207-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Red Hat Security Advisory 2022-7645-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
Gentoo Linux Security Advisory 202209-4 - Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution. Versions less than 2.5.0 are affected.
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
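The failure mode described above (cleanup calling free() on a pointer that was never assigned because an earlier allocation failed) is shown here as an added illustration; it is not OpenJPEG source code. The `dir_list` struct, the tracked allocator and all function names are hypothetical, and the 0xA5 fill deterministically models uninitialized stack contents so the invalid free is counted rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical directory listing: one bulk buffer plus an index into it. */
typedef struct { char *names_buf; char **names; } dir_list;
static void *live[4];      /* pointers handed out by the tracked allocator */
static int alloc_budget;   /* allocations allowed before simulated failure */
static int invalid_frees;  /* frees of pointers the allocator never returned */

static void *t_malloc(size_t n) {
    if (alloc_budget-- <= 0) return NULL;           /* simulated out-of-memory */
    void *p = malloc(n);
    for (int i = 0; p && i < 4; i++) if (!live[i]) { live[i] = p; break; }
    return p;
}

static void t_free(void *p) {
    if (!p) return;                                 /* free(NULL) is a no-op */
    for (int i = 0; i < 4; i++) if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;     /* a real free() here would be undefined behaviour */
}

/* zero_init = 0 models the flawed pattern, 1 the hardened one. */
static int load_list(size_t nfiles, size_t name_len, int zero_init) {
    dir_list d; int rc = -1;
    /* 0xA5 stands in for stack garbage; all-bits-zero is NULL on mainstream ABIs */
    memset(&d, zero_init ? 0 : 0xA5, sizeof d);
    d.names_buf = t_malloc(nfiles * name_len);
    if (!d.names_buf) goto cleanup;                 /* d.names not yet assigned */
    d.names = t_malloc(nfiles * sizeof *d.names);
    if (!d.names) goto cleanup;
    for (size_t i = 0; i < nfiles; i++) d.names[i] = d.names_buf + i * name_len;
    rc = 0;
cleanup:
    t_free(d.names);      /* garbage pointer if the first allocation failed */
    t_free(d.names_buf);
    return rc;
}

/* Returns how many invalid frees the cleanup path attempted. */
static int run_case(int budget, int zero_init) {
    memset(live, 0, sizeof live);
    alloc_budget = budget; invalid_frees = 0;
    load_list(8, 16, zero_init);
    return invalid_frees;
}

int main(void) {
    printf("flawed: %d invalid free(s), hardened: %d\n", run_case(0, 0), run_case(0, 1));
}
```

Only the case where the first allocation fails reaches the bad free; initializing every pointer to NULL before the first early exit makes the shared cleanup path safe on all failure paths.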