Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201712-02 ] OpenCV: Multiple vulnerabilities
Date: Thu, 14 Dec 2017 17:05:47
Message-Id: 0ebbb0ee-509b-48f2-7092-8c8a3b7e8e03@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201712-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenCV: Multiple vulnerabilities
Date: December 14, 2017
Bugs: #627230, #627958
ID: 201712-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenCV, the worst of
which may result in a denial of service condition.

Background
==========

OpenCV (Open Source Computer Vision Library) is an open source computer
vision and machine learning software library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/opencv          < 2.4.13-r3              >= 2.4.13-r3

Description
===========

Multiple vulnerabilities have been discovered in OpenCV. Please review
the referenced CVE identifiers for details.

Impact
======

An attacker can cause a denial of service condition or conduct other
memory corruption attacks.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All OpenCV users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/opencv-2.4.13-r3"

References
==========

[  1 ] CVE-2017-12597
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12597
[  2 ] CVE-2017-12598
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12598
[  3 ] CVE-2017-12599
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12599
[  4 ] CVE-2017-12600
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12600
[  5 ] CVE-2017-12601
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12601
[  6 ] CVE-2017-12602
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12602
[  7 ] CVE-2017-12603
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12603
[  8 ] CVE-2017-12604
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12604
[  9 ] CVE-2017-12605
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12605
[ 10 ] CVE-2017-12606
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12606
[ 11 ] CVE-2017-12862
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12862
[ 12 ] CVE-2017-12863
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12863
[ 13 ] CVE-2017-12864
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12864
[ 14 ] CVE-2017-14136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14136

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201712-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
