Test ID:	1.3.6.1.4.1.25623.1.0.871791
Category:	Red Hat Local Security Checks
Title:	RedHat Update for openjpeg RHSA-2017:0838-01
Summary:	The remote host is missing an update for the 'openjpeg'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'openjpeg' package(s) announced via the referenced advisory. Vulnerability Insight: OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). Affected Software/OS: openjpeg on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5139 BugTraq ID: 92276 http://www.securityfocus.com/bid/92276 Debian Security Information: DSA-3645 (Google Search) http://www.debian.org/security/2016/dsa-3645 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/ https://security.gentoo.org/glsa/201610-09 https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html RedHat Security Advisories: RHSA-2016:1580 http://rhn.redhat.com/errata/RHSA-2016-1580.html RedHat Security Advisories: RHSA-2017:0559 http://rhn.redhat.com/errata/RHSA-2017-0559.html RedHat Security Advisories: RHSA-2017:0838 http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.securitytracker.com/id/1036547 SuSE Security Announcement: openSUSE-SU-2016:1982 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html SuSE Security Announcement: openSUSE-SU-2016:1983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5158 BugTraq ID: 92717 http://www.securityfocus.com/bid/92717 Debian Security Information: DSA-3660 (Google Search) http://www.debian.org/security/2016/dsa-3660 RedHat Security Advisories: RHSA-2016:1854 http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.securitytracker.com/id/1036729 SuSE Security Announcement: SUSE-SU-2016:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:2250 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html SuSE Security Announcement: openSUSE-SU-2016:2296 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html SuSE Security Announcement: openSUSE-SU-2016:2349 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5159 Debian Security Information: DSA-3768 (Google Search) http://www.debian.org/security/2017/dsa-3768 Common Vulnerability Exposure (CVE) ID: CVE-2016-7163 BugTraq ID: 92897 http://www.securityfocus.com/bid/92897 Debian Security Information: DSA-3665 (Google Search) http://www.debian.org/security/2016/dsa-3665 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/ http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 Common Vulnerability Exposure (CVE) ID: CVE-2016-9573 97073 http://www.securityfocus.com/bid/97073 DSA-3768 https://www.debian.org/security/2017/dsa-3768 GLSA-201710-26 https://security.gentoo.org/glsa/201710-26 RHSA-2017:0838 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d https://github.com/uclouvain/openjpeg/issues/862 Common Vulnerability Exposure (CVE) ID: CVE-2016-9675 BugTraq ID: 94589 http://www.securityfocus.com/bid/94589 http://www.openwall.com/lists/oss-security/2016/11/29/7 Common Vulnerability Exposure (CVE) ID: CVE-2013-6045 BugTraq ID: 64109 http://www.securityfocus.com/bid/64109 Debian Security Information: DSA-2808 (Google Search) http://www.debian.org/security/2013/dsa-2808 http://seclists.org/oss-sec/2013/q4/412 http://osvdb.org/100636 http://osvdb.org/100637 http://osvdb.org/100638 http://osvdb.org/100641 http://osvdb.org/100646 RedHat Security Advisories: RHSA-2013:1850 http://rhn.redhat.com/errata/RHSA-2013-1850.html
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.