
openSUSE 15.1: 2020:0682-1 Moderate: openexr Out-Of-Bounds Issues

May 22, 2020
A new version of openexr has been released for openSUSE, fixing various security vulnerabilities and improving overall performance.
An update that solves 7 vulnerabilities and has one errata is now available.

Description

This update for openexr provides the following fix:

Security issues fixed:

- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).

- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).

- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).

- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).

- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).

- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).

- CVE-2020-11758: Fixed an out-of-bounds read in ...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-682=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

libIlmImf-2_2-23-2.2.1-lp151.4.9.1

libIlmImf-2_2-23-debuginfo-2.2.1-lp151.4.9.1

libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1

libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp151.4.9.1

openexr-2.2.1-lp151.4.9.1

openexr-debuginfo-2.2.1-lp151.4.9.1

openexr-debugsource-2.2.1-lp151.4.9.1

openexr-devel-2.2.1-lp151.4.9.1

openexr-doc-2.2.1-lp151.4.9.1

- openSUSE Leap 15.1 (x86_64):

libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1

libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1

libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1

libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1
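
To confirm the update landed on a host, the check below (an added example, not part of the SUSE advisory) flags any package from the list above that is still older than the fixed build 2.2.1-lp151.4.9.1. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is used as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed version-release taken from the advisory's package list.
FIXED="2.2.1-lp151.4.9.1"

# Runtime and devel packages named in the advisory (debug packages omitted).
PKGS="libIlmImf-2_2-23 libIlmImfUtil-2_2-23 openexr openexr-devel openexr-doc
libIlmImf-2_2-23-32bit libIlmImfUtil-2_2-23-32bit"

# Succeeds when version-release $1 sorts strictly before $2.
# Assumption: `sort -V` agrees with rpm's ordering for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, prints every advisory
# package below the fixed build, and returns 1 if any were found.
find_unpatched() {
    rc=0
    while read -r name vr; do
        for p in $PKGS; do
            if [ "$name" = "$p" ] && ver_lt "$vr" "$FIXED"; then
                echo "UNPATCHED $name $vr"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample inventory: one stale library, one patched package,
# and one unrelated package that must be ignored.
sample_inventory() {
    cat <<'EOF'
libIlmImf-2_2-23 2.2.1-lp151.4.6.1
openexr 2.2.1-lp151.4.9.1
zlib 1.2.11-lp151.5.3.1
EOF
}

# On a live host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched || true
```

A non-zero exit from find_unpatched means at least one listed package still needs the update.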

References

https://www.suse.com/security/cve/CVE-2020-11758.html

https://www.suse.com/security/cve/CVE-2020-11760.html

https://www.suse.com/security/cve/CVE-2020-11761.html

https://www.suse.com/security/cve/CVE-2020-11762.html

https://www.suse.com/security/cve/CVE-2020-11763.html

https://www.suse.com/security/cve/CVE-2020-11764.html

https://www.suse.com/security/cve/CVE-2020-11765.html

https://bugzilla.suse.com/1146648

https://bugzilla.suse.com/1169549

https://bugzilla.suse.com/1169573

https://bugzilla.suse.com/1169574

https://bugzilla.suse.com/1169575

https://bugzilla.suse.com/1169576

https://bugzilla.suse.com/1169578

https://bugzilla.suse.com/1169580

--

Announcement ID: openSUSE-SU-2020:0682-1
Rating: moderate
Affected Products: openSUSE Leap 15.1
