Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202238011HistoryOct 28, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:3801-1)
2022-10-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.008 Low
EPSS
Percentile
81.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.3801.1");
script_cve_id("CVE-2018-21010", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845");
script_tag(name:"creation_date", value:"2022-10-28 04:36:32 +0000 (Fri, 28 Oct 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-01-08 18:10:17 +0000 (Fri, 08 Jan 2021)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:3801-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4|SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:3801-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20223801-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openjpeg2' package(s) announced via the SUSE-SU-2022:3801-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for openjpeg2 fixes the following issues:
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile
in bin/common/color.c (bsc#1149789).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes()
(bsc#1179821).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset
function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet
function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions
opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in
openjp2/pi.c (bsc#1180046).");
script_tag(name:"affected", value:"'openjpeg2' package(s) on SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7", rpm:"libopenjp2-7~2.1.0~4.18.2", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7-debuginfo", rpm:"libopenjp2-7-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debuginfo", rpm:"openjpeg2-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debugsource", rpm:"openjpeg2-debugsource~2.1.0~4.18.2", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7", rpm:"libopenjp2-7~2.1.0~4.18.2", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7-debuginfo", rpm:"libopenjp2-7-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debuginfo", rpm:"openjpeg2-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debugsource", rpm:"openjpeg2-debugsource~2.1.0~4.18.2", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7", rpm:"libopenjp2-7~2.1.0~4.18.2", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7-debuginfo", rpm:"libopenjp2-7-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debuginfo", rpm:"openjpeg2-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debugsource", rpm:"openjpeg2-debugsource~2.1.0~4.18.2", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7", rpm:"libopenjp2-7~2.1.0~4.18.2", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenjp2-7-debuginfo", rpm:"libopenjp2-7-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debuginfo", rpm:"openjpeg2-debuginfo~2.1.0~4.18.2", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openjpeg2-debugsource", rpm:"openjpeg2-debugsource~2.1.0~4.18.2", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES12 Security Update : openjpeg2 (SUSE-SU-2022:3801-1)
2022-10-28 00:00:00
SUSE SLED15 / SLES15 Security Update : openjpeg (SUSE-SU-2022:4082-1)
2022-11-19 00:00:00
SUSE SLED15 / SLES15 Security Update : openjpeg2 (SUSE-SU-2022:3802-1)
2022-10-28 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4082-1)
2022-11-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3802-1)
2022-10-28 00:00:00
Fedora: Security Advisory for mingw-openjpeg2 (FEDORA-2020-3e00413763)
2020-12-22 00:00:00
suse
suse
Security update for openjpeg2 (important)
2022-10-27 00:00:00
mageia
mageia
Updated openjpeg2 packages fix security vulnerabilities
2020-12-29 14:57:17
Updated openjpeg2 packages fix security vulnerabilities
2020-12-20 17:43:28
fedora
fedora
[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-10.fc33
2020-12-22 01:30:14
[SECURITY] Fedora 33 Update: mingw-openjpeg2-2.3.1-11.fc33
2020-12-22 01:30:14
[SECURITY] Fedora 32 Update: mingw-openjpeg2-2.3.1-11.fc32
2021-01-15 01:21:20
ubuntu
ubuntu
OpenJPEG vulnerabilities
2021-01-07 00:00:00
Ghostscript vulnerabilities
2021-01-07 00:00:00
OpenJPEG vulnerabilities
2023-03-15 00:00:00
osv
osv
openjpeg2 vulnerabilities
2021-01-07 13:59:57
ghostscript vulnerabilities
2021-01-07 14:10:16
openjpeg2 vulnerabilities
2023-03-15 11:56:14
gentoo
gentoo
OpenJPEG: Multiple vulnerabilities
2021-01-26 00:00:00
cloudfoundry
cloudfoundry
USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry
2023-04-29 00:00:00
debian
debian
[SECURITY] [DSA 4882-1] openjpeg2 security update
2021-04-01 19:50:00
[SECURITY] [DLA 2975-1] openjpeg2 security update
2022-04-10 12:53:52
[SECURITY] [DLA 1950-1] openjpeg2 security update
2019-10-08 14:10:39
archlinux
archlinux
[ASA-202012-21] openjpeg2: multiple issues
2020-12-09 00:00:00
cve
cve
redhatcve
redhatcve
ubuntucve
ubuntucve
prion
prion
Heap overflow
2019-09-05 13:15:00
Null pointer dereference
2021-01-05 18:15:00
Out-of-bounds
2021-01-05 18:15:00
alpinelinux
alpinelinux
CVE-2018-21010
2019-09-05 13:15:00
CVE-2020-27824
2021-05-13 14:15:00
veracode
veracode
Denial Of Service (DoS)
2021-01-07 19:09:59
Denial Of Service (DoS)
2021-01-07 19:14:45
Denial Of Service (DoS)
2021-01-07 19:18:13
debiancve
debiancve
almalinux
almalinux
Moderate: openjpeg2 security update
2021-11-09 08:51:11
redhat
redhat
(RHSA-2021:4251) Moderate: openjpeg2 security update
2021-11-09 08:51:11
oraclelinux
oraclelinux
openjpeg2 security update
2021-11-16 00:00:00
rocky
rocky
openjpeg2 security update
2021-11-09 08:51:11
amazon
amazon
Medium: openjpeg2
2022-01-18 21:37:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.008 Low
EPSS
Percentile
81.7%
Related for OPENVAS:13614125623114202238011