SUSE: 2020:1293-1 Moderate: OpenExr Security Issues Addressed
suse
May 18, 2020
An update that solves 7 vulnerabilities and has one errata is now available
Summary
This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575). - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).
Topics Covered
References
#1146648 #1169549 #1169573 #1169574 #1169575
#1169576 #1169578 #1169580
Cross- CVE-2020-11758 CVE-2020-11760 CVE-2020-11761
CVE-2020-11762 CVE-2020-11763 CVE-2020-11764
CVE-2020-11765
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1
https://www.suse.com/security/cve/CVE-2020-11758.html
https://www.suse.com/security/cve/CVE-2020-11760.html
https://www.suse.com/security/cve/CVE-2020-11761.html
https://www.suse.com/security/cve/CVE-2020-11762.html
https://www.suse.com/security/cve/CVE-2020-11763.html
https://www.suse.com/security/cve/CVE-2020-11764.html
https://www.suse.com/security/cve/CVE-2020-11765.html
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2020:1293-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!