Stay Secure with the Latest Linux Advisories

security advisoryFedoracritical update

Fedora 39: 2023-a0d9f1d7ae Urgent Patch for Libjpeg-Turbo Buffer Underflow

Upstream patch to fix CVE-2022-34300 Fixes rhbz#2233636. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-3e092b3938 2023-09-07 01:27:49.830003 -------------------------------------------------------------------------------- Name : tinyexr Product : Fedora 38 Version : 1.0.1 Release : 7.fc38 URL : https://github.com/syoyo/tinyexr Summary : Small library to load and save OpenEXR images Description : TinyEXR is a small library to load and save OpenEXR images. It supports the version 1 format and version 2 multi-part images, and it has partial support for version 2 deep images. -------------------------------------------------------------------------------- Update Information: Upstream patch to fix CVE-2022-34300 Fixes rhbz#2233636 -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 29 2023 Diego Herrera - 1.0.1-7 - Patch to fix CVE-2022-34300 * Sat Jul 22 2023 Fedora Release Engineering - 1.0.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2233636 - CVE-2022-34300 tinyexr: heap-based buffer over-read in tinyexr::DecodePixelData [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2233636 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-3e092b3938' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Upgrade tinyexr on Fedora 38 to fix heap overflow issue found in CVE-2022-34300. Immediate action recommended.. Fedora 38,tinyexr update,security patch,software library. . Severity: Important. LinuxSecurity.com Team

Sep 07, 2023 •Important Fedora