Detections
Analytics
GLSA-202101-29 : OpenJPEG: Multiple vulnerabilities
high Nessus Plugin ID 145436
Language:
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-202101-29 (OpenJPEG: Multiple vulnerabilities)Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.
Impact :
Please review the referenced CVE identifiers for details.
Workaround :
There is no known workaround at this time.
Solution
All OpenJPEG 2 users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/openjpeg-2.4.0:2' Gentoo has discontinued support OpenJPEG 1.x and any dependent packages should now be using OpenJPEG 2 or have dropped support for the library.
We recommend that users unmerge OpenJPEG 1.x:
# emerge --unmerge 'media-libs/openjpeg:1'
See Also
Plugin Details
Severity: High
ID: 145436
File Name: gentoo_GLSA-202101-29.nasl
Version: 1.6
Type: local
Family: Gentoo Local Security Checks
Published: 1/26/2021
Updated: 1/26/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 8.3
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS Score Source: CVE-2020-27844
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2018-21010
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:openjpeg, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/26/2021
Vulnerability Publication Date: 6/26/2019
Reference Information
CVE: CVE-2018-21010, CVE-2019-12973, CVE-2020-15389, CVE-2020-27814, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845
GLSA: 202101-29