Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 514
Alerts This Week
Warning Icon 1 514

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 50 articles for you...
217

Oracle Linux 9: ELSA-2024-9548 critical: openexr buffer overflow

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-9548 http://linux.oracle.com/errata/ELSA-2024-9548.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openexr-3.1.1-2.el9_5.1.x86_64.rpm openexr-libs-3.1.1-2.el9_5.1.i686.rpm openexr-libs-3.1.1-2.el9_5.1.x86_64.rpm openexr-devel-3.1.1-2.el9_5.1.i686.rpm openexr-devel-3.1.1-2.el9_5.1.x86_64.rpm aarch64: openexr-3.1.1-2.el9_5.1.aarch64.rpm openexr-libs-3.1.1-2.el9_5.1.aarch64.rpm openexr-devel-3.1.1-2.el9_5.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//openexr-3.1.1-2.el9_5.1.src.rpm Related CVEs: CVE-2023-5841 Description of changes: [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2024-9548 discusses openexr updates addressing CVE-2023-5841.. Oracle Linux Updates, Openexr Security Fixes, Linux RPM Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 21, 2024 Critical Oracle
219

Rocky Linux 9 RLSA-2024:9548 Important: openexr heap overflow

Important: openexr security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:9548", "synopsis": "Important: openexr security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for openexr.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2262397", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262397", "description": ""}], "cves": [{"name": "CVE-2023-5841", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-5841", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-11-19T16:02:19.758877Z", "rpms": {"Rocky Linux 9": {"nvras": ["openexr-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-0:3.1.1-2.el9_4.1.src.rpm", "openexr-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.ppc64le.rpm","openexr-debugsource-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. The recent OpenEXR security patch for Rocky Linux fixes a critical buffer overflow vulnerability. Please ensure your systems remain protected.. openexr update, Rocky Linux security, heap overflow, software update, important security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 19, 2024 Important Rocky Linux
219

Rocky Linux 9 RLSA-2024:8800 Important: OpenEXR Heap Overflow

Important: openexr security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:8800", "synopsis": "Important: openexr security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for openexr.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2262397", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262397", "description": ""}], "cves": [{"name": "CVE-2023-5841", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-5841", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-11-08T15:57:54.689249Z", "rpms": {"Rocky Linux 9": {"nvras": ["openexr-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-0:3.1.1-2.el9_4.1.src.rpm", "openexr-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.ppc64le.rpm","openexr-debugsource-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-debugsource-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-devel-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.i686.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-0:3.1.1-2.el9_4.1.x86_64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.aarch64.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.ppc64le.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.s390x.rpm", "openexr-libs-debuginfo-0:3.1.1-2.el9_4.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux has released a critical security patch for OpenEXR that tackles a heap overflow vulnerability impacting version 9.. openexr update, heap overflow fix, Rocky Linux security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 08, 2024 Important Rocky Linux
217

Oracle Linux 9 ELSA-2024-8800 Important: Openexr Security Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8800 http://linux.oracle.com/errata/ELSA-2024-8800.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openexr-3.1.1-2.el9_4.1.x86_64.rpm openexr-libs-3.1.1-2.el9_4.1.i686.rpm openexr-libs-3.1.1-2.el9_4.1.x86_64.rpm openexr-devel-3.1.1-2.el9_4.1.i686.rpm openexr-devel-3.1.1-2.el9_4.1.x86_64.rpm aarch64: openexr-3.1.1-2.el9_4.1.aarch64.rpm openexr-libs-3.1.1-2.el9_4.1.aarch64.rpm openexr-devel-3.1.1-2.el9_4.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//openexr-3.1.1-2.el9_4.1.src.rpm Related CVEs: CVE-2023-5841 Description of changes: [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2024-8801 covers essential updates and security improvements related to libpng, ensuring enhanced protection for users.. Oracle Linux 9, openexr updates, Security Advisory, important fixes, Linux Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 05, 2024 Important Oracle
197

Debian 10: DLA-3236-1 Moderate: OpenEXR Denial Of Service Risk

Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3236-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany December 12, 2022 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : openexr Version : 2.2.1-4.1+deb10u2 CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-20296 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942 Debian Bug : 986796 992703 990450 990899 1014828 Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. For Debian 10 buster, these problems have been fixed in version 2.2.1-4.1+deb10u2. We recommend that you upgrade your openexr packages. For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/openexr Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhancing OpenEXR is vital to address various vulnerabilities, such as threats from stack smashing.. openexrsecurity update,debian packages,application crash. . LinuxSecurity.com Team

Calendar%202 Dec 12, 2022 Debian LTS
87

Debian 11 DSA-5299-1 Critical OpenEXR Buffer Overflow Risk

Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5299-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Markus Koschany December 10, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openexr CVE ID : CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942 Debian Bug : 992703 990450 990899 1014828 1014828 Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed. For the stable distribution (bullseye), these problems have been fixed in version 2.5.4-2+deb11u1. We recommend that you upgrade your openexr packages. For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/openexr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Numerous vulnerabilities detected in OpenEXR may lead to software failures; it is crucial to update openexr packages without delay.. Debian Security Advisory, OpenEXR Update, Buffer Overflow Risk. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 10, 2022 Critical Debian
91

Gentoo: GLSA-202210-32 Elevated Risk: OpenEXR Remote Code Vulnerabilities

Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenEXR: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #838079, #830384, #817431, #810541, #801373, #787452 ID: 202210-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. Background ========= OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/openexr < 3.1.5 > = 3.1.5 Description ========== Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All OpenEXR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/openexr-3.1.5" References ========= [ 1 ] CVE-2021-3598 https://nvd.nist.gov/vuln/detail/CVE-2021-3598 [ 2 ] CVE-2021-3605 https://nvd.nist.gov/vuln/detail/CVE-2021-3605 [ 3 ] CVE-2021-3933 https://nvd.nist.gov/vuln/detail/CVE-2021-3933 [ 4 ]CVE-2021-3941 https://nvd.nist.gov/vuln/detail/CVE-2021-3941 [ 5 ] CVE-2021-20304 https://nvd.nist.gov/vuln/detail/CVE-2021-20304 [ 6 ] CVE-2021-23169 https://nvd.nist.gov/vuln/detail/CVE-2021-23169 [ 7 ] CVE-2021-45942 https://nvd.nist.gov/vuln/detail/CVE-2021-45942 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-31 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . OpenEXR identified several vulnerabilities, with one posing a risk of arbitrary code execution. It's recommended to update to reduce potential threats.. OpenEXR Update, Code Execution Threat, Gentoo Advisory. . LinuxSecurity.com Team

Calendar%202 Oct 30, 2022 Gentoo
100

SUSE Linux: 2022:0062-2 Critical: OpenEXR Buffer Overflow

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0062-2 Rating: important References: #1194333 Cross-References: CVE-2021-45942 CVSS scores: CVE-2021-45942 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-62=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libIlmImf-2_2-23-2.2.1-3.41.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1 libIlmImfUtil-2_2-23-2.2.1-3.41.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1 openexr-debuginfo-2.2.1-3.41.1 openexr-debugsource-2.2.1-3.41.1 openexr-devel-2.2.1-3.41.1 References: https://www.suse.com/security/cve/CVE-2021-45942.html https://bugzilla.suse.com/1194333 . SUSE has released a security patch for openexr that resolves a critical buffer overflow vulnerability. Make sure your system is updated immediately.. SUSE Linux, OpenEXR, Security Patch, Critical Update, Buffer Overflow. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 14, 2022 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200