Описание
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
libIlmImf-Imf_2_1-21-2.1.0-6.13.1
libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1
openexr-2.1.0-6.13.1
SUSE Linux Enterprise Server 12 SP4
libIlmImf-Imf_2_1-21-2.1.0-6.13.1
openexr-2.1.0-6.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libIlmImf-Imf_2_1-21-2.1.0-6.13.1
openexr-2.1.0-6.13.1
SUSE Linux Enterprise Software Development Kit 12 SP4
openexr-devel-2.1.0-6.13.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1
Ссылки
- Link for SUSE-SU-2019:2014-1
- E-Mail link for SUSE-SU-2019:2014-1
- SUSE Security Ratings
- SUSE Bug 1061305
- SUSE CVE CVE-2017-14988 page
Описание
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.13.1
SUSE Linux Enterprise Desktop 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1
SUSE Linux Enterprise Desktop 12 SP4:openexr-2.1.0-6.13.1
SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.13.1
Ссылки
- CVE-2017-14988
- SUSE Bug 1061305