openSUSE-SU-2020:0970-1

Опубликовано: 16 июл. 2020

Источник: suse-cvrf

Описание

Security update for openexr

This update for openexr fixes the following issues:

CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466).
CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467).
CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libIlmImf-2_2-23-2.2.1-lp151.4.12.1

libIlmImf-2_2-23-32bit-2.2.1-lp151.4.12.1

libIlmImfUtil-2_2-23-2.2.1-lp151.4.12.1

libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.12.1

openexr-2.2.1-lp151.4.12.1

openexr-devel-2.2.1-lp151.4.12.1

openexr-doc-2.2.1-lp151.4.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FUTD2GYJ3G62RYFSS36TJTFXLOIB3DAG/
E-Mail link for openSUSE-SU-2020:0970-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173466
SUSE Bug 1173466
https://bugzilla.suse.com/1173467
SUSE Bug 1173467
https://bugzilla.suse.com/1173469
SUSE Bug 1173469
https://www.suse.com/security/cve/CVE-2020-15304/
SUSE CVE CVE-2020-15304 page
https://www.suse.com/security/cve/CVE-2020-15305/
SUSE CVE CVE-2020-15305 page
https://www.suse.com/security/cve/CVE-2020-15306/
SUSE CVE CVE-2020-15306 page

Описание

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.

Затронутые продукты

openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15304.html
CVE-2020-15304
https://bugzilla.suse.com/1173466
SUSE Bug 1173466

Описание

An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.

Затронутые продукты

openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15305.html
CVE-2020-15305
https://bugzilla.suse.com/1173467
SUSE Bug 1173467

Описание

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Затронутые продукты

openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.12.1

openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15306.html
CVE-2020-15306
https://bugzilla.suse.com/1173469
SUSE Bug 1173469

openSUSE-SU-2020:0970-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-15304

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-15305

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-15306

Описание

Затронутые продукты

Ссылки