SUSE-SU-2021:2793-1

Details

This update for openexr fixes the following issues:

CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode

Affected Packages

libIlmImf-2_2-23

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

2.2.1-3.35.1

libIlmImfUtil-2_2-23

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

2.2.1-3.35.1

openexr

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

2.2.1-3.35.1

openexr-devel

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

2.2.1-3.35.1

References

REPORT

https://bugzilla.suse.com/1188457

REPORT

https://bugzilla.suse.com/1188458

REPORT

https://bugzilla.suse.com/1188459

REPORT

https://bugzilla.suse.com/1188460

REPORT