Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 38: 2024-02-25 Moderate: mingw-openexr Heap Overflow Fix

fedora
Calendar Grey February 25, 2024
Dist Fedora Esm H88
Essential patch addressing stack overflow exposure in Fedora 38 mingw-openexr package, released on February 25, 2024.
Backport fix for CVE-2023-5841.

Summary

MinGW Windows openexr library.

Update Information:

Backport fix for CVE-2023-5841.

Topics%20covered

Topics Covered

security advisory moderate update Fedora heap overflow backport patch mingw-openexr

Change Log

* Fri Feb 16 2024 Sandro Mani - 3.1.10-4 - Backport patch for CVE-2023-5841 * Thu Jan 25 2024 Fedora Release Engineering - 3.1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 3.1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Aug 4 2023 Sandro Mani - 3.1.10-1 - Update to 3.1.10 * Thu Jul 20 2023 Fedora Release Engineering - 3.1.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jul 18 2023 Sandro Mani - 3.1.9-1 - Update to 3.1.9 * Fri May 19 2023 Sandro Mani - 3.1.7-1 - Update to 3.1.7 * Mon Mar 20 2023 Sandro Mani - 3.1.6-1 - Update to 3.1.6

References


[ 1 ] Bug #2262407 - TRIAGE CVE-2023-5841 mingw-openexr: OpenEXR: Heap Overflow in Scanline Deep Data Parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2262407

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f4d51715fe' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: mingw-openexr
Product: Fedora 38
Version: 3.1.10
Release: 4.fc38
URL: https://openexr.com/en/latest/
Summary: MinGW Windows openexr library

Topics%20covered

Topics Covered

security advisory moderate update Fedora heap overflow backport patch mingw-openexr

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here