Bug 979907 - (CVE-2015-8871) VUL-0: CVE-2015-8871: openjpeg2: Use-after-free in opj_j2k_write_mco function
(CVE-2015-8871)
VUL-0: CVE-2015-8871: openjpeg2: Use-after-free in opj_j2k_write_mco function
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: Hans Petter Jansson
Security Team bot
https://smash.suse.de/issue/169089/
CVSSv2:RedHat:CVE-2015-8871:5.1:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-13 12:43 UTC by Alexander Bergmann
Modified: 2017-09-26 01:12 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2016-05-13 22:01:32 UTC
bugbot adjusting priority
Comment 2 Asterios Dramis 2017-01-31 21:34:15 UTC
This issue does not affect openjpeg but openjpeg2 (see also rh#1335770).
Comment 3 Andreas Stieger 2017-05-19 09:42:11 UTC
(In reply to Asterios Dramis from comment #2)
> This issue does not affect openjpeg but openjpeg2 (see also rh#1335770).

assigning to openjpeg2 maintainers. Putting back into security analysis queue.
Comment 7 Swamp Workflow Management 2017-08-11 19:09:04 UTC
SUSE-SU-2017:2144-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 979907,997857
CVE References: CVE-2015-8871,CVE-2016-7163
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Server 12-SP3 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Server 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
Comment 8 Andreas Stieger 2017-08-16 18:13:10 UTC
releasing for Leap, done
Comment 9 Swamp Workflow Management 2017-08-16 22:10:22 UTC
openSUSE-SU-2017:2186-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 979907,997857
CVE References: CVE-2015-8871,CVE-2016-7163
Sources used:
openSUSE Leap 42.3 (src):    openjpeg2-2.1.0-16.1
openSUSE Leap 42.2 (src):    openjpeg2-2.1.0-13.3.1
Comment 10 Swamp Workflow Management 2017-09-26 01:12:50 UTC
openSUSE-SU-2017:2567-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1002414,1007739,1007740,1007741,1007742,1007743,1007744,1007747,1014543,1014975,979907,997857,999817
CVE References: CVE-2015-8871,CVE-2016-7163,CVE-2016-7445,CVE-2016-8332,CVE-2016-9112,CVE-2016-9113,CVE-2016-9114,CVE-2016-9115,CVE-2016-9116,CVE-2016-9117,CVE-2016-9118,CVE-2016-9572,CVE-2016-9573,CVE-2016-9580,CVE-2016-9581
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    openjpeg2-2.1.0-5.1, openjpeg2-2.1.0-6.1