openSUSE: 2020:2351-1 moderate: openexr.


   openSUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2351-1
Rating:             moderate
References:         #1179879 
Cross-References:   CVE-2020-16587 CVE-2020-16588 CVE-2020-16589
                   
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for openexr fixes the following issues:

   Security issues fixed:

   - CVE-2020-16587: Fixed a heap-based buffer overflow in
     chunkOffsetReconstruction in ImfMultiPartInputFile.cpp (bsc#1179879).
   - CVE-2020-16588: Fixed a null pointer deference in generatePreview
     (bsc#1179879).
   - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in
     ImfTiledOutputFile.cpp (bsc#1179879).

   This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2020-2351=1



Package List:

   - openSUSE Leap 15.2 (i586 x86_64):

      libIlmImf-2_2-23-2.2.1-lp152.7.8.1
      libIlmImf-2_2-23-debuginfo-2.2.1-lp152.7.8.1
      libIlmImfUtil-2_2-23-2.2.1-lp152.7.8.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp152.7.8.1
      openexr-2.2.1-lp152.7.8.1
      openexr-debuginfo-2.2.1-lp152.7.8.1
      openexr-debugsource-2.2.1-lp152.7.8.1
      openexr-devel-2.2.1-lp152.7.8.1
      openexr-doc-2.2.1-lp152.7.8.1

   - openSUSE Leap 15.2 (x86_64):

      libIlmImf-2_2-23-32bit-2.2.1-lp152.7.8.1
      libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp152.7.8.1
      libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.8.1
      libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp152.7.8.1


References:

   https://www.suse.com/security/cve/CVE-2020-16587.html
   https://www.suse.com/security/cve/CVE-2020-16588.html
   https://www.suse.com/security/cve/CVE-2020-16589.html
   https://bugzilla.suse.com/1179879
_______________________________________________
openSUSE Security Announce mailing list -- [email protected]
To unsubscribe, email [email protected]
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/[email protected]pensuse.org

Advisories

What Are You Looking For?

Popular Tags

openSUSE: 2020:2351-1 moderate: openexr

Description

Patch

Package List

References

Related News

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Linux Foundation creates standards for voice technology with major partners

The ISRG wants to make the Linux kernel memory-safe with Rust

News

Advisories

HOWTOs

Features

Secure Linux Hosting for Businesses

What Is Threat Intelligence?

CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services

LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website

Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security

About Us

Powered By

Advisories

What Are You Looking For?

Popular Tags

Sign In

Not a Member Yet?

openSUSE: 2020:2351-1 moderate: openexr

Description

Patch

Package List

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By