The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. |
|
 |
|
|
Synthesis of the vulnerability 
An attacker can force a NULL pointer to be dereferenced via opj_tgt_reset() of OpenJPEG, in order to trigger a denial of service.
Vulnerable software: Fedora, Ubuntu.
Severity of this announce: 1/4.
Creation date: 22/12/2020.
Références of this computer vulnerability: CVE-2020-27842, FEDORA-2020-3e00413763, FEDORA-2020-d32853a28d, USN-4685-1, USN-4686-1, VIGILANCE-VUL-34189.
Description of the vulnerability 
An attacker can force a NULL pointer to be dereferenced via opj_tgt_reset() of OpenJPEG, in order to trigger a denial of service. Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
This computer vulnerability bulletin impacts software or systems such as Fedora, Ubuntu.
Our Vigil@nce team determined that the severity of this vulnerability bulletin is low.
The trust level is of type confirmed by the editor, with an origin of document.
An attacker with a expert ability can exploit this threat note.
Solutions for this threat 
Fedora 32: new mingw-openjpeg2 packages.
New packages are available:
Fedora 32: mingw-openjpeg2 2.3.1-11.fc32
Fedora 32: new openjpeg2 packages.
New packages are available:
Fedora 32: openjpeg2 2.3.1-10.fc32
Fedora 33: new mingw-openjpeg2 packages.
New packages are available:
Fedora 33: mingw-openjpeg2 2.3.1-11.fc33
Fedora 33: new openjpeg2 packages.
New packages are available:
Fedora 33: openjpeg2 2.3.1-10.fc33
Ubuntu: new ghostscript packages.
New packages are available:
Ubuntu 18.04 LTS: ghostscript 9.26~dfsg+0-0ubuntu0.18.04.14
Ubuntu 16.04 LTS: ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14
Ubuntu: new libopenjp packages.
New packages are available:
Ubuntu 20.10: libopenjp 2.3.1-1ubuntu4.20.10.1
Ubuntu 20.04 LTS: libopenjp 2.3.1-1ubuntu4.20.04.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
Computer vulnerabilities tracking service 
Vigil@nce provides a systems vulnerabilities bulletin. The technology watch team tracks security threats targeting the computer system.
|