Amazon Linux 2022 Security Advisory: ALAS-2022-122
Advisory Release Date: 2022-07-26 20:36 Pacific
Advisory Updated Date: 2022-07-27 19:19 Pacific
A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. (CVE-2022-1122)
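The bug class described above, shown as an added illustration that is not OpenJPEG's code: a cleanup path that is only safe because every pointer it frees is initialized before the first allocation that can fail. The names file_list, file_list_new, xmalloc and fail_at are hypothetical, and fail_at is a hook used only to simulate allocation failure.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define NAME_MAX_LEN 4096

/* Hypothetical structure: one flat buffer of names plus an index into it. */
typedef struct {
    char  *name_buf;  /* n_files * NAME_MAX_LEN bytes */
    char **names;     /* n_files pointers into name_buf */
} file_list;

/* Assumed test hook: fail the Nth allocation (counting from 1); 0 = never. */
static int fail_at = 0, alloc_count = 0;
static void *xmalloc(size_t n) {
    if (fail_at && ++alloc_count == fail_at) return NULL;
    return malloc(n);
}

void file_list_free(file_list *fl) {
    if (!fl) return;
    free(fl->names);      /* free(NULL) is a no-op, so partial state is safe */
    free(fl->name_buf);
    free(fl);
}

/* Returns a list sized for n_files, or NULL on overflow or allocation failure. */
file_list *file_list_new(size_t n_files) {
    if (n_files == 0 || n_files > SIZE_MAX / NAME_MAX_LEN) return NULL;
    file_list *fl = xmalloc(sizeof *fl);
    if (!fl) return NULL;
    /* Flawed pattern: skipping this line leaves garbage in both members, and
       the first failed allocation below makes cleanup free() that garbage. */
    fl->name_buf = NULL; fl->names = NULL;
    fl->name_buf = xmalloc(n_files * NAME_MAX_LEN);
    if (!fl->name_buf) goto fail;
    fl->names = xmalloc(n_files * sizeof *fl->names);
    if (!fl->names) goto fail;
    for (size_t i = 0; i < n_files; i++)
        fl->names[i] = fl->name_buf + i * NAME_MAX_LEN;
    return fl;
fail:
    file_list_free(fl);
    return NULL;
}

int main(void) {
    fail_at = 2;  /* simulate the filename buffer allocation failing */
    file_list *fl = file_list_new(1000);
    puts(fl ? "allocated" : "allocation failed, cleanup was safe");
    file_list_free(fl);
    return 0;
}
```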
Affected Packages:
openjpeg2
Issue Correction:
Run dnf update --releasever=2022.0.20220728 openjpeg2 to update your system.
aarch64:
openjpeg2-debuginfo-2.4.0-11.amzn2022.0.1.aarch64
openjpeg2-devel-2.4.0-11.amzn2022.0.1.aarch64
openjpeg2-tools-2.4.0-11.amzn2022.0.1.aarch64
openjpeg2-debugsource-2.4.0-11.amzn2022.0.1.aarch64
openjpeg2-2.4.0-11.amzn2022.0.1.aarch64
openjpeg2-tools-debuginfo-2.4.0-11.amzn2022.0.1.aarch64
i686:
openjpeg2-debuginfo-2.4.0-11.amzn2022.0.1.i686
openjpeg2-tools-debuginfo-2.4.0-11.amzn2022.0.1.i686
openjpeg2-debugsource-2.4.0-11.amzn2022.0.1.i686
openjpeg2-2.4.0-11.amzn2022.0.1.i686
openjpeg2-tools-2.4.0-11.amzn2022.0.1.i686
openjpeg2-devel-2.4.0-11.amzn2022.0.1.i686
noarch:
openjpeg2-devel-docs-2.4.0-11.amzn2022.0.1.noarch
src:
openjpeg2-2.4.0-11.amzn2022.0.1.src
x86_64:
openjpeg2-tools-debuginfo-2.4.0-11.amzn2022.0.1.x86_64
openjpeg2-debuginfo-2.4.0-11.amzn2022.0.1.x86_64
openjpeg2-tools-2.4.0-11.amzn2022.0.1.x86_64
openjpeg2-debugsource-2.4.0-11.amzn2022.0.1.x86_64
openjpeg2-2.4.0-11.amzn2022.0.1.x86_64
openjpeg2-devel-2.4.0-11.amzn2022.0.1.x86_64