SUSE-SU-2021:2159-1

Published: 24 Jun 2021
Source: suse-cvrf

Description

Security update for openexr

This update for openexr fixes the following issues:

  • Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
  • Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
  • Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars

Package list

HPE Helion OpenStack 8
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP3-BCL
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP5
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE Linux Enterprise Software Development Kit 12 SP5
openexr-devel-2.1.0-6.34.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libIlmImf-Imf_2_1-21-32bit-2.1.0-6.34.1
SUSE OpenStack Cloud 8
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE OpenStack Cloud 9
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE OpenStack Cloud Crowbar 8
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1
SUSE OpenStack Cloud Crowbar 9
libIlmImf-Imf_2_1-21-2.1.0-6.34.1
openexr-2.1.0-6.34.1

Description

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.


Affected products
HPE Helion OpenStack 8:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
HPE Helion OpenStack 8:openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:openexr-2.1.0-6.34.1

Links

Description

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.


Affected products
HPE Helion OpenStack 8:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
HPE Helion OpenStack 8:openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:openexr-2.1.0-6.34.1

Links

Description

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.


Affected products
HPE Helion OpenStack 8:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
HPE Helion OpenStack 8:openexr-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:libIlmImf-Imf_2_1-21-2.1.0-6.34.1
SUSE Linux Enterprise Server 12 SP2-BCL:openexr-2.1.0-6.34.1

Links