ALAS-2014-271


Amazon Linux AMI Security Advisory: ALAS-2014-271
Advisory Release Date: 2014-09-16 22:15 Pacific
Severity: Important

Issue Overview:

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6045 , CVE-2013-6054 )

Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash (CVE-2013-1447 , CVE-2013-6052 )


Affected Packages:

openjpeg


Issue Correction:
Run yum update openjpeg to update your system.

New Packages:
i686:
    openjpeg-libs-1.3-10.7.amzn1.i686
    openjpeg-devel-1.3-10.7.amzn1.i686
    openjpeg-debuginfo-1.3-10.7.amzn1.i686
    openjpeg-1.3-10.7.amzn1.i686

src:
    openjpeg-1.3-10.7.amzn1.src

x86_64:
    openjpeg-1.3-10.7.amzn1.x86_64
    openjpeg-debuginfo-1.3-10.7.amzn1.x86_64
    openjpeg-devel-1.3-10.7.amzn1.x86_64
    openjpeg-libs-1.3-10.7.amzn1.x86_64