Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2021:2793-1

UNKNOWN

Security update for openexr

Published Aug 20, 2021

Modified 4 years ago

Fix available

Details

This update for openexr fixes the following issues:

CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode

Affected Packages

SUSE:Enterprise Storage 6libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Enterprise Storage 6libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Enterprise Storage 6openexr

Fixed in:

2.2.1-3.35.1

SUSE:Enterprise Storage 6openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-LTSSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-LTSSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-LTSSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise High Performance Computing 15-LTSSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP2libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP2libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP2openexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP2openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3openexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-BCLlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-BCLlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-BCLopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-BCLopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-LTSSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-LTSSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-LTSSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15 SP1-LTSSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15-LTSSlibIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15-LTSSlibIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15-LTSSopenexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server 15-LTSSopenexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15openexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1openexr

Fixed in:

2.2.1-3.35.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Manager Proxy 4.0libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Proxy 4.0libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Proxy 4.0openexr

Fixed in:

2.2.1-3.35.1

SUSE:Manager Proxy 4.0openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Manager Retail Branch Server 4.0libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Retail Branch Server 4.0libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Retail Branch Server 4.0openexr

Fixed in:

2.2.1-3.35.1

SUSE:Manager Retail Branch Server 4.0openexr-devel

Fixed in:

2.2.1-3.35.1

SUSE:Manager Server 4.0libIlmImf-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Server 4.0libIlmImfUtil-2_2-23

Fixed in:

2.2.1-3.35.1

SUSE:Manager Server 4.0openexr

Fixed in:

2.2.1-3.35.1

SUSE:Manager Server 4.0openexr-devel

Fixed in:

2.2.1-3.35.1

References

REPORThttps://bugzilla.suse.com/1188457 REPORThttps://bugzilla.suse.com/1188458 REPORThttps://bugzilla.suse.com/1188459 REPORThttps://bugzilla.suse.com/1188460 REPORThttps://bugzilla.suse.com/1188461 REPORThttps://bugzilla.suse.com/1188462 WEBhttps://www.suse.com/security/cve/CVE-2021-20298 WEBhttps://www.suse.com/security/cve/CVE-2021-20299 WEBhttps://www.suse.com/security/cve/CVE-2021-20300 WEBhttps://www.suse.com/security/cve/CVE-2021-20302 WEBhttps://www.suse.com/security/cve/CVE-2021-20303 WEBhttps://www.suse.com/security/cve/CVE-2021-20304 WEBhttps://www.suse.com/security/cve/CVE-2021-3476 ADVISORYhttps://www.suse.com/support/update/announcement/2021/suse-su-20212793-1/

Upstream

CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476

Related

CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476

Ecosystems

SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP3 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

Timeline

PublishedAug 20, 2021

ModifiedAug 20, 2021

SUSE-SU-2021:2793-1 | Mondoo Vulnerability Intelligence