Bug 812317 (CVE-2009-5030)
Summary: | CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | adam, erik-fedora, jcapik, oliver, rdieter, tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-07-11 17:02:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 812318, 812319, 831561, 831562 | ||
Bug Blocks: | 812327 |
Description
Jan Lieskovsky
2012-04-13 11:24:09 UTC
This issue affects the version of the openjpeg package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the openjpeg and mingw32-openjpeg packages, as shipped with Fedora release of 15 and 16. Please schedule an update once there is final upstream patch available (doesn't seem to be as of right now). Created openjpeg tracking bugs for this issue Affects: fedora-all [bug 812318] Created mingw32-openjpeg tracking bugs for this issue Affects: fedora-all [bug 812319] Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/13/5 Patch available at: http://code.google.com/p/openjpeg/source/detail?r=1703 openjpeg-1.4-13.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. openjpeg-1.4-13.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1068 https://rhn.redhat.com/errata/RHSA-2012-1068.html |