Debian DLA-1433-1 : openjpeg2 security update
Medium Nessus Plugin ID 111170
SynopsisThe remote Debian host is missing a security update.
DescriptionCVE-2015-1239 Fix for denial of service (process crash) via a crafted PDF.
CVE-2016-5139 Fix for integer overflows, allowing a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
For Debian 8 'Jessie', these problems have been fixed in version 2.1.0-2+deb8u4.
We recommend that you upgrade your openjpeg2 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.