Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 37: 2022-fc361cc7b6 Critical: OpenImageIO DoS and Buffer Overflow

fedora
Calendar Grey January 1, 2023
Dist Fedora Esm H88
Modifications for OpenImageIO on Fedora tackle vulnerabilities and rectify significant problems. Review vital update details promptly.
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications

Summary

OpenImageIO is a library for reading and writing images, and a bunch of related

classes, utilities, and applications. Main features include:

- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and

writing 2D images that is format agnostic.

- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,

DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,

PNM/PPM/PGM/PBM.

- An ImageCache class that transparently manages a cache so that it can access

truly vast amounts of image data.

* Update to 2.4.6.1, see release notes for details:

https://github.com/AcademySoftwareFoundation/OpenImageIO/releases * Security fix for

* Thu Dec 22 2022 Richard Shaw - 2.4.6.1-1

- Update to 2.4.6.1.

* Tue Dec 20 2022 Gwyn Ciesla - 2.4.4.2-3

- LibRaw rebuild

* Tue Nov 15 2022 Richard Shaw - 2.4.4.2-2

- Rebuild for yaml-cpp 0.7.0.

[ 1 ] Bug #2139227 - OpenImageIO-2.4.6.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2139227

[ 2 ] Bug #2156029 - CVE-2022-43603 OpenImageIO: denial of service vulnerability [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2156029

[ 3 ] Bug #2156033 - CVE-2022-41981 OpenImageIO: stack-based buffer overflow vulnerability [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2156033

su -c 'dnf upgrade --advisory FEDORA-2022-fc361cc7b6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora DoS OpenImageIO

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 2.4.6.1
Release: 1.fc37
URL: https://sites.google.com/site/openimageio/home
Summary: Library for reading and writing images

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora DoS OpenImageIO

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here