openSUSE Security Update: Recommended update for openjpeg ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2568-1 Rating: moderate References: #1029609 #1059440 #999817 Cross-References: CVE-2016-7445 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openjpeg fixes the following vulnerability: * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash (bsc#999817) The following bug was also fixed: - Programs linked with libopenjpeg1 would expose non-standard math behavior due to usage of -ffast-math in openjpeg (boo#1029609, boo#1059440)</description> Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-1091=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-6.1 openjpeg-1.5.2-6.1 openjpeg-devel-1.5.2-6.1 References: https://www.suse.com/security/cve/CVE-2016-7445.html https://bugzilla.suse.com/1029609 https://bugzilla.suse.com/1059440 https://bugzilla.suse.com/999817