
SUSE: 2022:15748-2 Critical: Security Updates for OpenEXR Available

suse
December 1, 2021
The latest patch fixes several security flaws in OpenEXR, significantly improving the robustness and protection of SUSE systems.
An update that fixes 5 vulnerabilities is now available

Summary

This update for OpenEXR fixes the following issues:

- CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460).
- CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458).
- CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457).
- CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461).
- CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-OpenEXR-14846=1
- SUSE Linux Enterprise Point of Sale 11-SP3:

References

#1188457 #1188458 #1188460 #1188461 #1192556

Cross-References: CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941

CVSS scores:

CVE-2021-20298 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20300 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2021-20303 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CVE-2021-20304 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2021-3941 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2021-20298.html

Severity
critical

Announcement ID: SUSE-SU-2021:14846-1
Rating: moderate
