RedHat has issued an advisory today (September 17):
https://rhn.redhat.com/errata/RHSA-2012-1283.html

Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated openjpeg packages fix security vulnerability:

It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code (CVE-2012-3535).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3535
https://rhn.redhat.com/errata/RHSA-2012-1283.html
========================

Updated packages in core/updates_testing:
========================
libopenjpeg2-1.3-7.3.mga1
libopenjpeg-devel-1.3-7.3.mga1
openjpeg-1.5.0-1.4.mga2
libopenjpeg1-1.5.0-1.4.mga2
libopenjpeg-devel-1.5.0-1.4.mga2

from SRPMS:
openjpeg-1.3-7.3.mga1.src.rpm
openjpeg-1.5.0-1.4.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
Severity: normal => critical
Tested on Mageia 2 x86_64.
Here is the testing procedure used for this package:
http://www.openjpeg.org/index.php?menu=samples
I don't know if this is the right way to test this package.
CC: (none) => ed_rus099
I forgot to say that it works OK. :)
Yes, that works, Eduard; well done for finding it. It's an open source JPEG 2000 library. From memory, I don't think mga1 has the image_to_j2k command. I think we used Krita last time for that.
Hardware: i586 => All
Whiteboard: MGA1TOO => MGA1TOO has_procedure mga2-64-OK
Testing complete Mga1 32
Tested using krita to open a j2k and then open a bmp and save as jpeg2000
$ grep libopenjpeg strace.out | grep -v "such file"
open("/usr/lib/libopenjpeg.so.2", O_RDONLY) = 26
Whiteboard: MGA1TOO has_procedure mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga2-64-OK
Testing complete mga1 64
$ grep libopenjpeg strace.out | grep -v "such file"
open("/usr/lib64/libopenjpeg.so.2", O_RDONLY) = 28
Whiteboard: MGA1TOO has_procedure mga1-32-OK mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-64-OK
Testing complete mga2 32
Validating
See comment 0 for advisory and srpms
Could sysadmin please push from core/updates_testing to core/updates
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-32-OK mga2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0274
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED