RHSA-2022:8207: Red Hat Security Advisory: openjpeg2 security update

An update for openjpeg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8207 - Security Advisory

Synopsis

Low: openjpeg2 security update

Type/Severity

Security Advisory: Low

Topic

An update for openjpeg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

  • openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2067052 - CVE-2022-1122 openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

  • openjpeg2-2.4.0-7.el9.src.rpm

x86_64

  • openjpeg2-2.4.0-7.el9.i686.rpm
  • openjpeg2-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.i686.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • openjpeg2-2.4.0-7.el9.src.rpm

s390x

  • openjpeg2-2.4.0-7.el9.s390x.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • openjpeg2-2.4.0-7.el9.src.rpm

ppc64le

  • openjpeg2-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • openjpeg2-2.4.0-7.el9.src.rpm

aarch64

  • openjpeg2-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

  • openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm
  • openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.i686.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-devel-2.4.0-7.el9.i686.rpm
  • openjpeg2-devel-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-tools-2.4.0-7.el9.i686.rpm
  • openjpeg2-tools-2.4.0-7.el9.x86_64.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 9

ppc64le

  • openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-devel-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-tools-2.4.0-7.el9.ppc64le.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 9

aarch64

  • openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-devel-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-tools-2.4.0-7.el9.aarch64.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 9

s390x

  • openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm
  • openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm
  • openjpeg2-devel-2.4.0-7.el9.s390x.rpm
  • openjpeg2-tools-2.4.0-7.el9.s390x.rpm
  • openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-7083-1

Ubuntu Security Notice 7083-1 - It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that OpenJPEG incorrectly handled decompressing certain .j2k files in sycc420_to_rgb, leading to a heap-based buffer overflow vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-1174-01

Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

Red Hat Security Advisory 2022-8207-01

Red Hat Security Advisory 2022-8207-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Red Hat Security Advisory 2022-7645-01

Red Hat Security Advisory 2022-7645-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

RHSA-2022:7645: Red Hat Security Advisory: openjpeg2 security update

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

Gentoo Linux Security Advisory 202209-04

Gentoo Linux Security Advisory 202209-4 - Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution. Versions less than 2.5.0 are affected.

CVE-2022-1122: Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c,that will cause a segfault · Issue #1368 · uclouvain/openjpeg

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
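
The cleanup pattern behind this flaw, as an added example in C that is not OpenJPEG's code: a struct whose fields are freed by one shared cleanup routine must have every field defined before the first allocation can fail. The names `dir_list`, `budget_alloc`, `dir_list_new` and `fails_cleanly` are hypothetical, and the size checks are an assumption beyond what the advisory states.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical stand-in for the tool's directory-listing state. */
typedef struct {
    char  *filename_buf;  /* one block holding every file name */
    char **filename;      /* per-file pointers into filename_buf */
} dir_list;

/* Allocator with a call budget, so each failure path can be exercised. */
static int allocs_left = 0;
static void *budget_alloc(size_t n) {
    return allocs_left-- > 0 ? malloc(n) : NULL;
}

/* Shared cleanup: only correct if every unset field is NULL. */
static void dir_list_free(dir_list *d) {
    if (!d) return;
    free(d->filename);      /* free(NULL) is a no-op */
    free(d->filename_buf);
    free(d);
}

/* The flawed shape leaves the fields as malloc() returned them, so a failed
 * first buffer allocation reaches cleanup with d->filename indeterminate.
 * Here every field gets a defined value before any failure point. */
static dir_list *dir_list_new(size_t n, size_t path_len) {
    dir_list *d = malloc(sizeof *d);
    if (!d) return NULL;
    d->filename_buf = NULL;
    d->filename = NULL;
    /* Reject empty input and size computations that would wrap. */
    if (!n || !path_len || n > SIZE_MAX / path_len ||
        n > SIZE_MAX / sizeof *d->filename) goto fail;
    d->filename_buf = budget_alloc(n * path_len);
    if (!d->filename_buf) goto fail;   /* path described in the CVE */
    d->filename = budget_alloc(n * sizeof *d->filename);
    if (!d->filename) goto fail;
    for (size_t i = 0; i < n; i++)
        d->filename[i] = d->filename_buf + i * path_len;
    return d;
fail:
    dir_list_free(d);
    return NULL;
}

/* Returns 1 if construction failed (and cleaned up) under this budget. */
static int fails_cleanly(int budget, size_t n, size_t path_len) {
    allocs_left = budget;
    dir_list *d = dir_list_new(n, path_len);
    if (d) { dir_list_free(d); return 0; }
    return 1;
}
int main(void) {  /* budget 0 and 1 fail cleanly, budget 2 succeeds */
    return fails_cleanly(0, 4, 16) && fails_cleanly(1, 4, 16) &&
           !fails_cleanly(2, 4, 16) ? 0 : 1;
}
```

Building this with AddressSanitizer and running it exercises both failure paths; removing the two NULL assignments reproduces the class of crash the advisory describes.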