Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 43 usd 2026-cde75a1416 OpenEXRCore Security Fixes DoS Issues

fedora
Calendar Grey April 18, 2026
Dist Fedora Esm H88
Several OpenEXRCore security fixes are released for Fedora 43 addressing critical issues and enhancing system safety.
Backport several OpenEXRCore security fixes Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 Fixes CV...

Summary

Universal Scene Description (USD) is a time-sampled scene

description for interchange between graphics applications.

Update Information:

Backport several OpenEXRCore security fixes Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505 Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501 Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497

Topics%20covered

Topics Covered

security advisory security update fedora DoS backport openexrcore

Change Log

* Wed Apr 8 2026 Benjamin A. Beasley - 25.08-20 - Backport several OpenEXRCore security fixes - Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 - Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 - Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505 - Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501 - Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497 * Tue Apr 7 2026 Benjamin A. Beasley - 25.08-19 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes RHBZ#2454226 * Tue Apr 7 2026 Orion Poplawski - 25.08-18 - Make devel require cmake(OpenSubdiv) and cmake(materialx)

References


[ 1 ] Bug #2455493 - CVE-2026-34378 usd: OpenEXR: Denial of Service via crafted EXR file integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455493 [ 2 ] Bug #2455497 - CVE-2026-34379 usd: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455497 [ 3 ] Bug #2455501 - CVE-2026-34589 usd: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455501 [ 4 ] Bug #2455505 - CVE-2026-34588 usd: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455505 [ 5 ] Bug #2455534 - CVE-2026-34380 usd: OpenEXR: Denial of Service due to signed integer overflow in image decoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455534

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cde75a1416' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: usd
Product: Fedora 43
Version: 25.08
Release: 20.fc43
URL: http://www.openusd.org/
Summary: 3D VFX pipeline interchange file format

Topics%20covered

Topics Covered

security advisory security update fedora DoS backport openexrcore

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here