Description
Security update for OpenEXR
This update for OpenEXR fixes the following issues:
- Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
- Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
OpenEXR-1.6.1-83.17.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS
OpenEXR-1.6.1-83.17.25.1
OpenEXR-32bit-1.6.1-83.17.25.1
References
- Link for SUSE-SU-2021:14757-1
- E-Mail link for SUSE-SU-2021:14757-1
- SUSE Security Ratings
- SUSE Bug 1184354
- SUSE Bug 1187395
- SUSE CVE CVE-2021-3479 page
- SUSE CVE CVE-2021-3605 page
Description
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:OpenEXR-1.6.1-83.17.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS:OpenEXR-1.6.1-83.17.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS:OpenEXR-32bit-1.6.1-83.17.25.1
References
- CVE-2021-3479
- SUSE Bug 1184354
- SUSE Bug 1191176
Description
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:OpenEXR-1.6.1-83.17.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS:OpenEXR-1.6.1-83.17.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS:OpenEXR-32bit-1.6.1-83.17.25.1
References
- CVE-2021-3605
- SUSE Bug 1187395
- SUSE Bug 1191176