Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-9548 http://linux.oracle.com/errata/ELSA-2024-9548.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openexr-3.1.1-2.el9_5.1.x86_64.rpm openexr-libs-3.1.1-2.el9_5.1.i686.rpm openexr-libs-3.1.1-2.el9_5.1.x86_64.rpm openexr-devel-3.1.1-2.el9_5.1.i686.rpm openexr-devel-3.1.1-2.el9_5.1.x86_64.rpm aarch64: openexr-3.1.1-2.el9_5.1.aarch64.rpm openexr-libs-3.1.1-2.el9_5.1.aarch64.rpm openexr-devel-3.1.1-2.el9_5.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//openexr-3.1.1-2.el9_5.1.src.rpm Related CVEs: CVE-2023-5841 Description of changes: [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) _______________________________________________ El-errata mailing list
Important: openexr security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:9548", "synopsis": "Important: openexr security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for openexr.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2262397", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262397", "description": ""}], "cves": [{"name": "CVE-2023-5841", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-5841", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-11-19T16:02:19.758877Z", "rpms": {"Rocky Linux 9": {"nvras": ["openexr-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-0:3.1.1-2.el9_4.1.src.rpm", "openexr-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.ppc64le.rpm","openexr-debugsource-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. The recent OpenEXR security patch for Rocky Linux fixes a critical buffer overflow vulnerability. Please ensure your systems remain protected.. openexr update, Rocky Linux security, heap overflow, software update, important security fix. . Severity: Important. LinuxSecurity.com Team
Important: openexr security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:8800", "synopsis": "Important: openexr security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for openexr.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2262397", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262397", "description": ""}], "cves": [{"name": "CVE-2023-5841", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-5841", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-11-08T15:57:54.689249Z", "rpms": {"Rocky Linux 9": {"nvras": ["openexr-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-0:3.1.1-2.el9_4.1.src.rpm", "openexr-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.ppc64le.rpm","openexr-debugsource-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux has released a critical security patch for OpenEXR that tackles a heap overflow vulnerability impacting version 9.. openexr update, heap overflow fix, Rocky Linux security. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8800 http://linux.oracle.com/errata/ELSA-2024-8800.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openexr-3.1.1-2.el9_4.1.x86_64.rpm openexr-libs-3.1.1-2.el9_4.1.i686.rpm openexr-libs-3.1.1-2.el9_4.1.x86_64.rpm openexr-devel-3.1.1-2.el9_4.1.i686.rpm openexr-devel-3.1.1-2.el9_4.1.x86_64.rpm aarch64: openexr-3.1.1-2.el9_4.1.aarch64.rpm openexr-libs-3.1.1-2.el9_4.1.aarch64.rpm openexr-devel-3.1.1-2.el9_4.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//openexr-3.1.1-2.el9_4.1.src.rpm Related CVEs: CVE-2023-5841 Description of changes: [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) _______________________________________________ El-errata mailing list
Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3236-1
Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5299-1
Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenEXR: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #838079, #830384, #817431, #810541, #801373, #787452 ID: 202210-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. Background ========= OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/openexr < 3.1.5 > = 3.1.5 Description ========== Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All OpenEXR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/openexr-3.1.5" References ========= [ 1 ] CVE-2021-3598 https://nvd.nist.gov/vuln/detail/CVE-2021-3598 [ 2 ] CVE-2021-3605 https://nvd.nist.gov/vuln/detail/CVE-2021-3605 [ 3 ] CVE-2021-3933 https://nvd.nist.gov/vuln/detail/CVE-2021-3933 [ 4 ]CVE-2021-3941 https://nvd.nist.gov/vuln/detail/CVE-2021-3941 [ 5 ] CVE-2021-20304 https://nvd.nist.gov/vuln/detail/CVE-2021-20304 [ 6 ] CVE-2021-23169 https://nvd.nist.gov/vuln/detail/CVE-2021-23169 [ 7 ] CVE-2021-45942 https://nvd.nist.gov/vuln/detail/CVE-2021-45942 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-31 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0062-2 Rating: important References: #1194333 Cross-References: CVE-2021-45942 CVSS scores: CVE-2021-45942 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-62=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libIlmImf-2_2-23-2.2.1-3.41.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1 libIlmImfUtil-2_2-23-2.2.1-3.41.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1 openexr-debuginfo-2.2.1-3.41.1 openexr-debugsource-2.2.1-3.41.1 openexr-devel-2.2.1-3.41.1 References: https://www.suse.com/security/cve/CVE-2021-45942.html https://bugzilla.suse.com/1194333 . SUSE has released a security patch for openexr that resolves a critical buffer overflow vulnerability. Make sure your system is updated immediately.. SUSE Linux, OpenEXR, Security Patch, Critical Update, Buffer Overflow. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.