Security update for openexr SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1826-1 Final 1 1 2019-08-01T15:22:25Z current 2019-08-01T15:22:25Z 2019-08-01T15:22:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openexr This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1826 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html E-Mail link for openSUSE-SU-2019:1826-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1040109 SUSE Bug 1040109 https://bugzilla.suse.com/1040113 SUSE Bug 1040113 https://bugzilla.suse.com/1040115 SUSE Bug 1040115 https://www.suse.com/security/cve/CVE-2017-9111/ SUSE CVE CVE-2017-9111 page https://www.suse.com/security/cve/CVE-2017-9113/ SUSE CVE CVE-2017-9113 page https://www.suse.com/security/cve/CVE-2017-9115/ SUSE CVE CVE-2017-9115 page openSUSE Leap 15.1 libIlmImf-2_2-23-2.2.1-lp151.4.3.1 libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3.1 libIlmImfUtil-2_2-23-2.2.1-lp151.4.3.1 libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3.1 openexr-2.2.1-lp151.4.3.1 openexr-devel-2.2.1-lp151.4.3.1 openexr-doc-2.2.1-lp151.4.3.1 libIlmImf-2_2-23-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libIlmImfUtil-2_2-23-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 openexr-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 openexr-devel-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 openexr-doc-2.2.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. CVE-2017-9111 openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html https://www.suse.com/security/cve/CVE-2017-9111.html CVE-2017-9111 https://bugzilla.suse.com/1040109 SUSE Bug 1040109 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. CVE-2017-9113 openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html https://www.suse.com/security/cve/CVE-2017-9113.html CVE-2017-9113 https://bugzilla.suse.com/1040113 SUSE Bug 1040113 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. CVE-2017-9115 openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.3.1 openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html https://www.suse.com/security/cve/CVE-2017-9115.html CVE-2017-9115 https://bugzilla.suse.com/1040115 SUSE Bug 1040115