ESB-2018.2124 - [Win][UNIX/Linux][Debian][Mobile] opencv: Multiple vulnerabilities 2018-07-23



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2124
                          opencv security update
                               23 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           opencv
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
                   Mobile Device
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5269 CVE-2018-5268 CVE-2017-1000450
                   CVE-2017-17760 CVE-2017-14136 CVE-2017-12864
                   CVE-2017-12863 CVE-2017-12862 CVE-2017-12606
                   CVE-2017-12605 CVE-2017-12604 CVE-2017-12603
                   CVE-2017-12601 CVE-2017-12599 CVE-2017-12598
                   CVE-2017-12597 CVE-2016-1516 

Reference:         ESB-2018.1457
                   ESB-2018.1195

Original Bulletin: 
   https://security-tracker.debian.org/tracker/DLA-1438-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running opencv check for an updated version of the software for 
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------


Package        : opencv
Version        : 2.4.9.1+dfsg-1+deb8u2
CVE ID         : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598
                  CVE-2017-12599 CVE-2017-12601 CVE-2017-12603
                  CVE-2017-12604 CVE-2017-12605 CVE-2017-12606
                  CVE-2017-12862 CVE-2017-12863 CVE-2017-12864
                  CVE-2017-14136 CVE-2017-17760 CVE-2017-1000450
                  CVE-2018-5268 CVE-2018-5269



Early versions of opencv have problems while reading data, which might
result in either buffer overflows, out-of-bounds errors or integer
overflows.
Further assertion errors might happen due to an incorrect integer cast.



For Debian 8 "Jessie", these problems have been fixed in version
2.4.9.1+dfsg-1+deb8u2.

We recommend that you upgrade your opencv packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
