EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2019-1775)

High Nessus Plugin ID 127012

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

- An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.(CVE-2018-7648)

- In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-17480)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected openjpeg2 packages.

See Also

http://www.nessus.org/u?700a69d8

Plugin Details

Severity: High

ID: 127012

File Name: EulerOS_SA-2019-1775.nasl

Version: 1.1

Type: local

Published: 2019/07/25

Updated: 2019/07/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:openjpeg2, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Patch Publication Date: 2019/07/25

Reference Information

CVE: CVE-2017-17480, CVE-2018-7648