Debian alert DLA-4593-1 (openjpeg2) [LWN.net]


From:
               Jochen Sprickerhof <jspricke@debian.org>
To:
               debian-lts-announce@lists.debian.org
Subject:
               [SECURITY] [DLA 4593-1] openjpeg2 security update
Date:
               Thu, 21 May 2026 14:56:26 +0200
Message-ID:
               <ag8A-isoWzvNwdiK@mpd>
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4593-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Jochen Sprickerhof
May 21, 2026                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : openjpeg2
Version        : 2.4.0-3+deb11u3
CVE ID         : CVE-2026-6192

A vulnerability was identified in uclouvain. This impacts the function
opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation
leads to integer overflow. The attack must be carried out locally.

For Debian 11 bullseye, this problem has been fixed in version
2.4.0-3+deb11u3.

We recommend that you upgrade your openjpeg2 packages.

For the detailed security status of openjpeg2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjpeg2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmoPAPoACgkQW//cwljm
lDMHlw//SFus23Te+MJRmOdLvVqmVfm2Lg0mhHsmlK3bcqL533shl9b2kh6p7PTx
XRVGKd8LQ+opFlJPj5n3677pucjAxb+FFSpJpBfNaMtuOrzMvLA3tYiQIoVM97pE
AM288XM65sDViTxxzhYuMT0NdRtBPvaIxrOG5tjzZSkAlUgZF5niXuT3klLVStdQ
HAiZfMnE2jIxh7aIRfFO6wRFbuaXbugJyPn7AH0s/VElMvsJSqZBJUKof/nUO4+Z
c9tuWuGgwuDNpyV3Lzy/Sd6UEwQZYDMsBnLMSGyRg8Cmco2/GIFDb+G8C8cTWHxD
beLYcsbPKZCR9aCWKfGQwqv5t+Az7g1wxrfRJ+hsoxz4n4q7CP77XIsGw3gva8Wc
nyZJl5FvhJW4MiOP0uBZ8VAQgOTKHnB2qS6vO8yflJ4RQjisvGqDAQB3zXG625v7
fpzuJKfrnT8fISR4wBgkcWMln2txe810z25G5jktlJ9j3TXsf2uHzsq6aumhICWX
WiJplhZ2/8159gZwCcQ7Ma+evT+Z8nYgutDJrh7Awmc0poXQukiI/akLC5L60lUn
DOMOZr34jexGrn17lkdO0MzehIvUsPt/MVYW2BKXIJm+OwUz0wlHhbD1Saukl4rC
UQpZI1qSxO36ueDdyAkoV4BK/2zCMve02ziXigDVQkQteDRfWw4=
=nVod
-----END PGP SIGNATURE-----

From:		Jochen Sprickerhof <jspricke@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 4593-1] openjpeg2 security update
Date:		Thu, 21 May 2026 14:56:26 +0200
Message-ID:		<ag8A-isoWzvNwdiK@mpd>