SUSE alert SUSE-SU-2025:03352-1 (openjpeg2)
| From: | SLE-SECURITY-UPDATES <null@suse.de> | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2025:03352-1: low: Security update for openjpeg2 | |
| Date: | Fri, 26 Sep 2025 05:18:40 -0000 | |
| Message-ID: | <175886392046.11123.15885021847154263722@smelt2.prg2.suse.org> |
# Security update for openjpeg2 Announcement ID: SUSE-SU-2025:03352-1 Release Date: 2025-09-25T11:50:28Z Rating: low References: * bsc#1111638 Cross-References: * CVE-2018-18088 CVSS scores: * CVE-2018-18088 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18088 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18088 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for openjpeg2 fixes the following issues: * CVE-2018-18088: Fixed a null pointer dereferencei in imagetopnm function. (bsc#1111638). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3352=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3352=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3352=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3352=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3352=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-2.3.0-150000.3.21.1 * openjpeg2-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-2.3.0-150000.3.21.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-devel-2.3.0-150000.3.21.1 * openjpeg2-debugsource-2.3.0-150000.3.21.1 * openSUSE Leap 15.6 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1 * libopenjp2-7-32bit-2.3.0-150000.3.21.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-2.3.0-150000.3.21.1 * openjpeg2-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-2.3.0-150000.3.21.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-devel-2.3.0-150000.3.21.1 * openjpeg2-debugsource-2.3.0-150000.3.21.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-2.3.0-150000.3.21.1 * openjpeg2-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-2.3.0-150000.3.21.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.21.1 * openjpeg2-devel-2.3.0-150000.3.21.1 * openjpeg2-debugsource-2.3.0-150000.3.21.1 * SUSE Package Hub 15 15-SP6 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1 * libopenjp2-7-32bit-2.3.0-150000.3.21.1 * SUSE Package Hub 15 15-SP7 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1 * libopenjp2-7-32bit-2.3.0-150000.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2018-18088.html * https://bugzilla.suse.com/show_bug.cgi?id=1111638
Attachment: None (type=text/html)
(HTML attachment elided)