Test ID:	1.3.6.1.4.1.25623.1.1.4.2016.3270.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2016:3270-1)
Summary:	The remote host is missing an update for the 'openjpeg2' package(s) announced via the SUSE-SU-2016:3270-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openjpeg2' package(s) announced via the SUSE-SU-2016:3270-1 advisory. Vulnerability Insight: This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] Affected Software/OS: 'openjpeg2' package(s) on SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2, SUSE Linux Enterprise Server for SAP Applications 12-SP2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7445 BugTraq ID: 93040 http://www.securityfocus.com/bid/93040 https://security.gentoo.org/glsa/201612-26 http://www.openwall.com/lists/oss-security/2016/09/18/4 http://www.openwall.com/lists/oss-security/2016/09/18/6 SuSE Security Announcement: openSUSE-SU-2016:2424 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html Common Vulnerability Exposure (CVE) ID: CVE-2016-8332 BugTraq ID: 93242 http://www.securityfocus.com/bid/93242 Debian Security Information: DSA-3768 (Google Search) http://www.debian.org/security/2017/dsa-3768 http://www.talosintelligence.com/reports/TALOS-2016-0193/ https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2 https://www.oracle.com/security-alerts/cpujul2020.html http://www.securitytracker.com/id/1038623 Common Vulnerability Exposure (CVE) ID: CVE-2016-9112 BugTraq ID: 93978 http://www.securityfocus.com/bid/93978 https://security.gentoo.org/glsa/201710-26 https://github.com/uclouvain/openjpeg/issues/855 https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9113 BugTraq ID: 93980 http://www.securityfocus.com/bid/93980 https://github.com/uclouvain/openjpeg/issues/856 Common Vulnerability Exposure (CVE) ID: CVE-2016-9114 BugTraq ID: 93979 http://www.securityfocus.com/bid/93979 https://github.com/uclouvain/openjpeg/issues/857 Common Vulnerability Exposure (CVE) ID: CVE-2016-9115 BugTraq ID: 93977 http://www.securityfocus.com/bid/93977 https://github.com/uclouvain/openjpeg/issues/858 Common Vulnerability Exposure (CVE) ID: CVE-2016-9116 BugTraq ID: 93975 http://www.securityfocus.com/bid/93975 https://github.com/uclouvain/openjpeg/issues/859 Common Vulnerability Exposure (CVE) ID: CVE-2016-9117 BugTraq ID: 93783 http://www.securityfocus.com/bid/93783 https://github.com/uclouvain/openjpeg/issues/860 Common Vulnerability Exposure (CVE) ID: CVE-2016-9118 BugTraq ID: 93976 http://www.securityfocus.com/bid/93976 Debian Security Information: DSA-4013 (Google Search) http://www.debian.org/security/2017/dsa-4013 https://github.com/uclouvain/openjpeg/issues/861 Common Vulnerability Exposure (CVE) ID: CVE-2016-9572 109233 http://www.securityfocus.com/bid/109233 DSA-3768 https://www.debian.org/security/2017/dsa-3768 GLSA-201710-26 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d https://github.com/uclouvain/openjpeg/issues/863 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9573 97073 http://www.securityfocus.com/bid/97073 RHSA-2017:0838 http://rhn.redhat.com/errata/RHSA-2017-0838.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 https://github.com/uclouvain/openjpeg/issues/862 Common Vulnerability Exposure (CVE) ID: CVE-2016-9580 94822 http://www.securityfocus.com/bid/94822 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580 https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255 https://github.com/uclouvain/openjpeg/issues/871 Common Vulnerability Exposure (CVE) ID: CVE-2016-9581 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581 https://github.com/uclouvain/openjpeg/issues/872
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.