Ubuntu 831-1: OpenEXR vulnerabilities

    Date: 14 Sep 2009
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-831-1         September 14, 2009
    openexr vulnerabilities
    CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libopenexr2ldbl                 1.2.2-4.4ubuntu1.1
    
    Ubuntu 8.10:
      libopenexr6                     1.6.1-3ubuntu1.8.10.1
    
    Ubuntu 9.04:
      libopenexr6                     1.6.1-3ubuntu1.9.04.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Drew Yao discovered several flaws in the way OpenEXR handled certain
    malformed EXR image files. If a user were tricked into opening a crafted
    EXR image file, an attacker could cause a denial of service via application
    crash, or possibly execute arbitrary code with the privileges of the user
    invoking the program. (CVE-2009-1720, CVE-2009-1721)
    
    It was discovered that OpenEXR did not properly handle certain malformed
    EXR image files. If a user were tricked into opening a crafted EXR image
    file, an attacker could cause a denial of service via application crash, or
    possibly execute arbitrary code with the privileges of the user invoking
    the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
    
    Updated packages for Ubuntu 8.10:
    
    
    Updated packages for Ubuntu 9.04:
    
    
    
    
    