Vulnerabilities > CVE-2020-8112 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
uclouvain
debian
CWE-787
nessus

Summary

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

Vulnerable Configurations

Part Description Count
Application
Uclouvain
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0550.NASL
    descriptionFrom Red Hat Security Advisory 2020:0550 : An update for openjpeg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-20
    plugin id133823
    published2020-02-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133823
    titleOracle Linux 7 : openjpeg2 (ELSA-2020-0550)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0550 and 
    # Oracle Linux Security Advisory ELSA-2020-0550 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133823);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2020-8112");
      script_xref(name:"RHSA", value:"2020:0550");
    
      script_name(english:"Oracle Linux 7 : openjpeg2 (ELSA-2020-0550)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2020:0550 :
    
    An update for openjpeg2 is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenJPEG is an open source library for reading and writing image files
    in JPEG2000 format.
    
    Security Fix(es) :
    
    * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor
    in openjp2/t1.c (CVE-2020-8112)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-February/009646.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openjpeg2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openjpeg2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openjpeg2-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openjpeg2-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openjpeg2-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openjpeg2-devel-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openjpeg2-devel-docs-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openjpeg2-tools-2.3.1-3.el7_7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1168.NASL
    descriptionAccording to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.(CVE-2020-6851) - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.(CVE-2020-8112) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-02-25
    plugin id134002
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134002
    titleEulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2020-1168)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134002);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2020-6851",
        "CVE-2020-8112"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2020-1168)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the openjpeg2 package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - OpenJPEG through 2.3.1 has a heap-based buffer overflow
        in opj_t1_clbl_decode_processor in openjp2/t1.c because
        of lack of opj_j2k_update_image_dimensions
        validation.(CVE-2020-6851)
    
      - opj_t1_clbl_decode_processor in openjp2/t1.c in
        OpenJPEG 2.3.1 through 2020-01-28 has a heap-based
        buffer overflow in the qmfbid==1 case, a different
        issue than CVE-2020-6851.(CVE-2020-8112)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1168
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?996b497d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openjpeg2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["openjpeg2-2.3.0-9.h6.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2089.NASL
    descriptionopj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a heap-based buffer overflow in the qmfbid==1 case, a similar but different issue than CVE-2020-6851. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id133365
    published2020-01-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133365
    titleDebian DLA-2089-1 : openjpeg2 security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2089-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133365);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/13");
    
      script_cve_id("CVE-2020-8112");
    
      script_name(english:"Debian DLA-2089-1 : openjpeg2 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "opj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a
    heap-based buffer overflow in the qmfbid==1 case, a similar but
    different issue than CVE-2020-6851.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    2.1.0-2+deb8u10.
    
    We recommend that you upgrade your openjpeg2 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/openjpeg2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8112");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp3d-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp3d7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-dec-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-viewer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libopenjp2-7", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjp2-7-dbg", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjp2-7-dev", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjp2-tools", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjp3d-tools", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjp3d7", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjpip-dec-server", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjpip-server", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjpip-viewer", reference:"2.1.0-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libopenjpip7", reference:"2.1.0-2+deb8u10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1365.NASL
    descriptionAccording to the versions of the openjpeg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.(CVE-2020-8112) - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.(CVE-2020-6851) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135152
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135152
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : openjpeg2 (EulerOS-SA-2020-1365)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135152);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2020-6851",
        "CVE-2020-8112"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : openjpeg2 (EulerOS-SA-2020-1365)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the openjpeg2 package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - opj_t1_clbl_decode_processor in openjp2/t1.c in
        OpenJPEG 2.3.1 through 2020-01-28 has a heap-based
        buffer overflow in the qmfbid==1 case, a different
        issue than CVE-2020-6851.(CVE-2020-8112)
    
      - OpenJPEG through 2.3.1 has a heap-based buffer overflow
        in opj_t1_clbl_decode_processor in openjp2/t1.c because
        of lack of opj_j2k_update_image_dimensions
        validation.(CVE-2020-6851)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1365
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de59fa4e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openjpeg2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["openjpeg2-2.3.0-9.h6.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0550.NASL
    descriptionAn update for openjpeg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-17
    modified2020-02-24
    plugin id133872
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133872
    titleCentOS 7 : openjpeg2 (CESA-2020:0550)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0550 and 
    # CentOS Errata and Security Advisory 2020:0550 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133872);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26");
    
      script_cve_id("CVE-2020-8112");
      script_xref(name:"RHSA", value:"2020:0550");
    
      script_name(english:"CentOS 7 : openjpeg2 (CESA-2020:0550)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for openjpeg2 is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenJPEG is an open source library for reading and writing image files
    in JPEG2000 format.
    
    Security Fix(es) :
    
    * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor
    in openjp2/t1.c (CVE-2020-8112)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      # https://lists.centos.org/pipermail/centos-announce/2020-February/035644.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2bb2ad1c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openjpeg2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8112");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openjpeg2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openjpeg2-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openjpeg2-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openjpeg2-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openjpeg2-devel-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openjpeg2-devel-docs-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openjpeg2-tools-2.3.1-3.el7_7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0570.NASL
    descriptionAn update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-25
    plugin id134027
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134027
    titleRHEL 8 : openjpeg2 (RHSA-2020:0570)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0570. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134027);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2020-8112");
      script_xref(name:"RHSA", value:"2020:0570");
    
      script_name(english:"RHEL 8 : openjpeg2 (RHSA-2020:0570)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for openjpeg2 is now available for Red Hat Enterprise Linux
    8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenJPEG is an open source library for reading and writing image files
    in JPEG2000 format.
    
    Security Fix(es) :
    
    * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor
    in openjp2/t1.c (CVE-2020-8112)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-8112"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0570";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"openjpeg2-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"openjpeg2-debugsource-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-debugsource-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-debugsource-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-debugsource-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"openjpeg2-devel-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-devel-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-devel-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-devel-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", reference:"openjpeg2-devel-docs-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-tools-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-tools-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-tools-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"openjpeg2-tools-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"openjpeg2-tools-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"openjpeg2-tools-debuginfo-2.3.1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"openjpeg2-tools-debuginfo-2.3.1-3.el8_1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2 / openjpeg2-debuginfo / openjpeg2-debugsource / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-AD63F760F4.NASL
    descriptionThis update backports a patch for CVE-2020-8112. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-24
    plugin id133890
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133890
    titleFedora 31 : mingw-openjpeg2 / openjpeg2 (2020-ad63f760f4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-ad63f760f4.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133890);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26");
    
      script_cve_id("CVE-2020-8112");
      script_xref(name:"FEDORA", value:"2020-ad63f760f4");
    
      script_name(english:"Fedora 31 : mingw-openjpeg2 / openjpeg2 (2020-ad63f760f4)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update backports a patch for CVE-2020-8112.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-ad63f760f4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-openjpeg2 and / or openjpeg2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"mingw-openjpeg2-2.3.1-7.fc31")) flag++;
    if (rpm_check(release:"FC31", reference:"openjpeg2-2.3.1-6.fc31")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-openjpeg2 / openjpeg2");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0026_OPENJPEG2.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openjpeg2 packages installed that are affected by a vulnerability: - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-05
    modified2020-05-27
    plugin id136907
    published2020-05-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136907
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openjpeg2 Vulnerability (NS-SA-2020-0026)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2020-0026. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136907);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2020-8112");
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openjpeg2 Vulnerability (NS-SA-2020-0026)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openjpeg2 packages installed that are affected
    by a vulnerability:
    
      - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG
        2.3.1 through 2020-01-28 has a heap-based buffer
        overflow in the qmfbid==1 case, a different issue than
        CVE-2020-6851. (CVE-2020-8112)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0026");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL openjpeg2 packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8112");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "openjpeg2-2.3.1-3.el7_7",
        "openjpeg2-debuginfo-2.3.1-3.el7_7",
        "openjpeg2-devel-2.3.1-3.el7_7",
        "openjpeg2-devel-docs-2.3.1-3.el7_7",
        "openjpeg2-tools-2.3.1-3.el7_7"
      ],
      "CGSL MAIN 5.04": [
        "openjpeg2-2.3.1-3.el7_7",
        "openjpeg2-debuginfo-2.3.1-3.el7_7",
        "openjpeg2-devel-2.3.1-3.el7_7",
        "openjpeg2-devel-docs-2.3.1-3.el7_7",
        "openjpeg2-tools-2.3.1-3.el7_7"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200219_OPENJPEG2_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112)
    last seen2020-03-18
    modified2020-02-20
    plugin id133826
    published2020-02-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133826
    titleScientific Linux Security Update : openjpeg2 on SL7.x x86_64 (20200219)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133826);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2020-8112");
    
      script_name(english:"Scientific Linux Security Update : openjpeg2 on SL7.x x86_64 (20200219)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - openjpeg: heap-based buffer overflow in
        pj_t1_clbl_decode_processor in openjp2/t1.c
        (CVE-2020-8112)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=9045
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9cacdf52"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openjpeg2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openjpeg2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openjpeg2-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openjpeg2-tools");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openjpeg2-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openjpeg2-debuginfo-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openjpeg2-devel-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"SL7", reference:"openjpeg2-devel-docs-2.3.1-3.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openjpeg2-tools-2.3.1-3.el7_7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2 / openjpeg2-debuginfo / openjpeg2-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0550.NASL
    descriptionAn update for openjpeg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-20
    plugin id133824
    published2020-02-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133824
    titleRHEL 7 : openjpeg2 (RHSA-2020:0550)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0550. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133824);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2020-8112");
      script_xref(name:"RHSA", value:"2020:0550");
    
      script_name(english:"RHEL 7 : openjpeg2 (RHSA-2020:0550)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for openjpeg2 is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenJPEG is an open source library for reading and writing image files
    in JPEG2000 format.
    
    Security Fix(es) :
    
    * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor
    in openjp2/t1.c (CVE-2020-8112)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-8112"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0550";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"openjpeg2-2.3.1-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"openjpeg2-debuginfo-2.3.1-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"openjpeg2-devel-2.3.1-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"openjpeg2-devel-docs-2.3.1-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"openjpeg2-tools-2.3.1-3.el7_7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2 / openjpeg2-debuginfo / openjpeg2-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0569.NASL
    descriptionAn update for openjpeg2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-25
    plugin id134026
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134026
    titleRHEL 8 : openjpeg2 (RHSA-2020:0569)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-8193C0AA68.NASL
    descriptionThis update backports a patch for CVE-2020-8112. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-02
    plugin id134188
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134188
    titleFedora 30 : mingw-openjpeg2 / openjpeg2 (2020-8193c0aa68)

Redhat

advisories
  • bugzilla
    id1800535
    titleCVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentopenjpeg2-devel-docs is earlier than 0:2.3.1-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20200550001
          • commentopenjpeg2-devel-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262002
        • AND
          • commentopenjpeg2-tools is earlier than 0:2.3.1-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20200550003
          • commentopenjpeg2-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262004
        • AND
          • commentopenjpeg2-devel is earlier than 0:2.3.1-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20200550005
          • commentopenjpeg2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262006
        • AND
          • commentopenjpeg2 is earlier than 0:2.3.1-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20200550007
          • commentopenjpeg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262008
    rhsa
    idRHSA-2020:0550
    released2020-02-19
    severityImportant
    titleRHSA-2020:0550: openjpeg2 security update (Important)
  • bugzilla
    id1800535
    titleCVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentopenjpeg2-devel-docs is earlier than 0:2.3.1-3.el8_1
            ovaloval:com.redhat.rhsa:tst:20200570001
          • commentopenjpeg2-devel-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262002
        • AND
          • commentopenjpeg2-debugsource is earlier than 0:2.3.1-3.el8_1
            ovaloval:com.redhat.rhsa:tst:20200570003
          • commentopenjpeg2-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200274004
        • AND
          • commentopenjpeg2-tools is earlier than 0:2.3.1-3.el8_1
            ovaloval:com.redhat.rhsa:tst:20200570005
          • commentopenjpeg2-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262004
        • AND
          • commentopenjpeg2 is earlier than 0:2.3.1-3.el8_1
            ovaloval:com.redhat.rhsa:tst:20200570007
          • commentopenjpeg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262008
        • AND
          • commentopenjpeg2-devel is earlier than 0:2.3.1-3.el8_1
            ovaloval:com.redhat.rhsa:tst:20200570009
          • commentopenjpeg2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200262006
    rhsa
    idRHSA-2020:0570
    released2020-02-24
    severityImportant
    titleRHSA-2020:0570: openjpeg2 security update (Important)
  • rhsa
    idRHSA-2020:0569
  • rhsa
    idRHSA-2020:0694
rpms
  • openjpeg2-0:2.3.1-3.el7_7
  • openjpeg2-debuginfo-0:2.3.1-3.el7_7
  • openjpeg2-devel-0:2.3.1-3.el7_7
  • openjpeg2-devel-docs-0:2.3.1-3.el7_7
  • openjpeg2-tools-0:2.3.1-3.el7_7
  • openjpeg2-0:2.3.0-10.el8_0
  • openjpeg2-debuginfo-0:2.3.0-10.el8_0
  • openjpeg2-debugsource-0:2.3.0-10.el8_0
  • openjpeg2-devel-docs-0:2.3.0-10.el8_0
  • openjpeg2-tools-0:2.3.0-10.el8_0
  • openjpeg2-tools-debuginfo-0:2.3.0-10.el8_0
  • openjpeg2-0:2.3.1-3.el8_1
  • openjpeg2-debuginfo-0:2.3.1-3.el8_1
  • openjpeg2-debugsource-0:2.3.1-3.el8_1
  • openjpeg2-devel-0:2.3.1-3.el8_1
  • openjpeg2-devel-docs-0:2.3.1-3.el8_1
  • openjpeg2-tools-0:2.3.1-3.el8_1
  • openjpeg2-tools-debuginfo-0:2.3.1-3.el8_1