Oval Definition:oval:org.opensuse.security:def:110542
Revision Date:2020-05-22Version:1
Title:Security update for openexr (Moderate)
Description:

This update for openexr provides the following fix:

Security issues fixed:

- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575). - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).

Non-security issue fixed:

- Enable tests when building the package on x86_64. (bsc#1146648)

This update was imported from the SUSE:SLE-15:Update update project.
Family:unixClass:patch
Status:Reference(s):1146648
1169549
1169573
1169574
1169575
1169576
1169578
1169580
CVE-2020-11758
CVE-2020-11760
CVE-2020-11761
CVE-2020-11762
CVE-2020-11763
CVE-2020-11764
CVE-2020-11765
openSUSE-SU-2020:0682-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libIlmImf-2_2-23-2.2.1-lp151.4.9.1 is installed
  • OR libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1 is installed
  • OR libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1 is installed
  • OR libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1 is installed
  • OR openexr-2.2.1-lp151.4.9.1 is installed
  • OR openexr-devel-2.2.1-lp151.4.9.1 is installed
  • OR openexr-doc-2.2.1-lp151.4.9.1 is installed
    • BACK