Security update for openjpeg2

Announcement ID:	SUSE-SU-2017:2649-1
Rating:	moderate
References:	bsc#1056421 bsc#1056562 bsc#1056621 bsc#1056622 bsc#1057511
Cross-References:	CVE-2016-10507 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164
CVSS scores:	CVE-2016-10507 ( SUSE ): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2016-10507 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14039 ( SUSE ): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-14039 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14039 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14040 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-14040 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14040 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14041 ( SUSE ): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-14041 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14041 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14164 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14164 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2

An update that solves five vulnerabilities can now be installed.

Description:

This update for openjpeg2 fixes several issues.

These security issues were fixed:

• CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421).
• CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622).
• CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511).
• CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621).
• CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1636=1
• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1636=1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1636=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1636=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1636=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1636=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1636=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1636=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1636=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • openjpeg2-debuginfo-2.1.0-4.6.1
  • libopenjp2-7-2.1.0-4.6.1
  • libopenjp2-7-debuginfo-2.1.0-4.6.1
  • openjpeg2-debugsource-2.1.0-4.6.1

References:

• https://www.suse.com/security/cve/CVE-2016-10507.html
• https://www.suse.com/security/cve/CVE-2017-14039.html
• https://www.suse.com/security/cve/CVE-2017-14040.html
• https://www.suse.com/security/cve/CVE-2017-14041.html
• https://www.suse.com/security/cve/CVE-2017-14164.html
• https://bugzilla.suse.com/show_bug.cgi?id=1056421
• https://bugzilla.suse.com/show_bug.cgi?id=1056562
• https://bugzilla.suse.com/show_bug.cgi?id=1056621
• https://bugzilla.suse.com/show_bug.cgi?id=1056622
• https://bugzilla.suse.com/show_bug.cgi?id=1057511