319 lines
14 KiB
JSON
319 lines
14 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20172084",
|
||
"Version": "oval:org.altlinux.errata:def:20172084",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2017-2084: package `libopenjpeg2.0` update to version 2.2.0-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c9f2"
|
||
],
|
||
"Products": [
|
||
"ALT SPWorkstation",
|
||
"ALT SPServer"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2017-2084",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2084",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-01315",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-01315",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-10504",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10504",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-10505",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10505",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-10506",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10506",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-10507",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10507",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-7163",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7163",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9112",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9112",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9113",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9113",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9114",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9114",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9115",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9115",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9116",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9116",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9117",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9117",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9118",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9118",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9572",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9572",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9573",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9573",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9580",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9580",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2016-9581",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9581",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades libopenjpeg2.0 to version 2.2.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01315: Уязвимость библиотеки для кодирования и декодирования изображений OpenJPEG, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-10504: Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.\n\n * CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.\n\n * CVE-2016-10506: Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.\n\n * CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.\n\n * CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.\n\n * CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.\n\n * CVE-2016-9113: There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n\n * CVE-2016-9114: There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n\n * CVE-2016-9115: Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n\n * CVE-2016-9118: Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.\n\n * CVE-2016-9572: A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.\n\n * CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.\n\n * CVE-2016-9580: An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.\n\n * CVE-2016-9581: An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2017-08-19"
|
||
},
|
||
"Updated": {
|
||
"Date": "2017-08-19"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2021-01315",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-369",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-01315",
|
||
"Impact": "High",
|
||
"Public": "20161116"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2016-10504",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10504",
|
||
"Impact": "Low",
|
||
"Public": "20170830"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-10505",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10505",
|
||
"Impact": "Low",
|
||
"Public": "20170830"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-10506",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-369",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10506",
|
||
"Impact": "Low",
|
||
"Public": "20170830"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-10507",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10507",
|
||
"Impact": "Low",
|
||
"Public": "20170830"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-7163",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7163",
|
||
"Impact": "High",
|
||
"Public": "20160921"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9112",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-369",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9112",
|
||
"Impact": "High",
|
||
"Public": "20161029"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9113",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9113",
|
||
"Impact": "High",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9114",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9114",
|
||
"Impact": "High",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9115",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9115",
|
||
"Impact": "Low",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9116",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9116",
|
||
"Impact": "Low",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9117",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9117",
|
||
"Impact": "Low",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9118",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9118",
|
||
"Impact": "Low",
|
||
"Public": "20161030"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9572",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-476",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9572",
|
||
"Impact": "Low",
|
||
"Public": "20180801"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9573",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9573",
|
||
"Impact": "High",
|
||
"Public": "20180801"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9580",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9580",
|
||
"Impact": "High",
|
||
"Public": "20180801"
|
||
},
|
||
{
|
||
"ID": "CVE-2016-9581",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-122",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9581",
|
||
"Impact": "High",
|
||
"Public": "20180801"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:8.4",
|
||
"cpe:/o:alt:spserver:8.4"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172084001",
|
||
"Comment": "libopenjpeg2.0 is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172084002",
|
||
"Comment": "libopenjpeg2.0-devel is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172084003",
|
||
"Comment": "openjpeg-tools2.0 is earlier than 0:2.2.0-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |