Home / mailings [SECURITY] [DSA 4013-1] openjpeg2 security update
Posted on 31 October 2017
Debian Security Advisory-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4013-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openjpeg2
CVE ID : CVE-2016-1628 CVE-2016-5152 CVE-2016-5157 CVE-2016-9118
CVE-2016-10504 CVE-2017-14039 CVE-2017-14040
CVE-2017-14041 CVE-2017-14151 CVE-2017-14152
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /
decompression library, may result in denial of service or the execution
of arbitrary code if a malformed JPEG 2000 file is processed.
For the oldstable distribution (jessie), these problems have been fixed
in version 2.1.0-2+deb8u3.
For the stable distribution (stretch), these problems have been fixed in
version 2.1.2-1.1+deb9u2.
We recommend that you upgrade your openjpeg2 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
