MGASA-2021-0326 - Updated openexr packages fix security vulnerabilities
Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0326.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-3474,
CVE-2021-3475,
CVE-2021-3476,
CVE-2021-3477,
CVE-2021-3478,
CVE-2021-3479,
CVE-2021-3598,
CVE-2021-3605,
CVE-2021-20296,
CVE-2021-23169,
CVE-2021-23215,
CVE-2021-26260
Updated openexr packages fix security vulnerabilities:
It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code (CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477,
CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296,
CVE-2021-23169, CVE-2021-23215, CVE-2021-26260).
References:
- https://bugs.mageia.org/show_bug.cgi?id=29005
- https://www.openexr.com/
- https://ubuntu.com/security/notices/USN-4900-1
- https://ubuntu.com/security/notices/USN-4996-1
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260
SRPMS:
- 8/core/openexr-2.5.7-1.mga8
- 7/core/openexr-2.3.0-2.4.mga7
Mageia 2021-0326: openexr security update
Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files
Summary
CVE: CVE-2021-3474,
CVE-2021-3475,
CVE-2021-3476,
CVE-2021-3477,
CVE-2021-3478,
CVE-2021-3479,
CVE-2021-3598,
CVE-2021-3605,
CVE-2021-20296,
CVE-2021-23169,
CVE-2021-23215,
CVE-2021-26260
Updated openexr packages fix security vulnerabilities:
It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code (CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477,
CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296,
CVE-2021-23169, CVE-2021-23215, CVE-2021-26260).
Resolution
MGASA-2021-0326 - Updated openexr packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=29005
- https://www.openexr.com/
- https://ubuntu.com/security/notices/USN-4900-1
- https://ubuntu.com/security/notices/USN-4996-1
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260
Severity
Issued Date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0326.html
Type: security
Affected Mageia releases: 7, 8
News
HOWTOs
Features
CrowdSec v1.1.x Is Out! Here's What's New & How To Get Started
Open Source is Revolutionizing Careers in Cybersecurity - What You Need to Know
Black Hat USA & DEFCON 2021 Coverage on LinuxSecurity: What You Need to Know
TLS Email Encryption Explained - How To Encrypt Email with TLS
Keeping Your System Secure is Easier than Ever with LinuxSecurity Customized Advisories!
About Us
Powered By
