Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE Leap 15.2 Notice: openexr Critical Update 2021:1198-1

opensuse
Calendar Grey August 25, 2021
Dist Opensuse Esm H88
This upgrade addresses critical bugs in openexr, improving security and reliability for openSUSE environments.
An update that fixes 7 vulnerabilities is now available

Description

This update for openexr fixes the following issues:

- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor

- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in

Imf_2_5:Header:operator

- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in

Imf_2_5:hufUncompress

- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in

Imf_2_5:precalculateTileInfot

- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in

Imf_2_5::copyIntoFrameBuffer

- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory heap overflow important update openSUSE out-of-memory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1198=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libIlmImf-2_2-23-2.2.1-lp152.7.20.1

libIlmImf-2_2-23-debuginfo-2.2.1-lp152.7.20.1

libIlmImfUtil-2_2-23-2.2.1-lp152.7.20.1

libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp152.7.20.1

openexr-2.2.1-lp152.7.20.1

openexr-debuginfo-2.2.1-lp152.7.20.1

openexr-debugsource-2.2.1-lp152.7.20.1

openexr-devel-2.2.1-lp152.7.20.1

openexr-doc-2.2.1-lp152.7.20.1

- openSUSE Leap 15.2 (x86_64):

libIlmImf-2_2-23-32bit-2.2.1-lp152.7.20.1

libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp152.7.20.1

libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.20.1

libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp152.7.20.1

References

https://www.suse.com/security/cve/CVE-2021-20298.html

https://www.suse.com/security/cve/CVE-2021-20299.html

https://www.suse.com/security/cve/CVE-2021-20300.html

https://www.suse.com/security/cve/CVE-2021-20302.html

https://www.suse.com/security/cve/CVE-2021-20303.html

https://www.suse.com/security/cve/CVE-2021-20304.html

https://www.suse.com/security/cve/CVE-2021-3476.html

https://bugzilla.suse.com/1188457

https://bugzilla.suse.com/1188458

https://bugzilla.suse.com/1188459

https://bugzilla.suse.com/1188460

https://bugzilla.suse.com/1188461

https://bugzilla.suse.com/1188462

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1198-1
Rating: important
Affected Products: openSUSE Leap 15.2 .

Topics%20covered

Topics Covered

security advisory heap overflow important update openSUSE out-of-memory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here