Описание
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466).
- CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467).
- CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libIlmImf-Imf_2_1-21-2.1.0-6.23.1
openexr-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libIlmImf-Imf_2_1-21-2.1.0-6.23.1
openexr-2.1.0-6.23.1
SUSE Linux Enterprise Software Development Kit 12 SP5
openexr-devel-2.1.0-6.23.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libIlmImf-Imf_2_1-21-32bit-2.1.0-6.23.1
Ссылки
- Link for SUSE-SU-2020:1984-1
- E-Mail link for SUSE-SU-2020:1984-1
- SUSE Security Ratings
- SUSE Bug 1173466
- SUSE Bug 1173467
- SUSE Bug 1173469
- SUSE CVE CVE-2020-15304 page
- SUSE CVE CVE-2020-15305 page
- SUSE CVE CVE-2020-15306 page
Описание
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.23.1
Ссылки
- CVE-2020-15304
- SUSE Bug 1173466
Описание
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.23.1
Ссылки
- CVE-2020-15305
- SUSE Bug 1173467
Описание
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.23.1
Ссылки
- CVE-2020-15306
- SUSE Bug 1173469