1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5299-1] openexr security update

    From Markus Koschany@21:1/5 to All on Sat Dec 10 17:50:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5299-1 security@debian.org https://www.debian.org/security/ Markus Koschany December 10, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openexr
    CVE ID : CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941
    CVE-2021-23215 CVE-2021-26260 CVE-2021-45942
    Debian Bug : 992703 990450 990899 1014828 1014828

    Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.

    For the stable distribution (bullseye), these problems have been fixed in version 2.5.4-2+deb11u1.

    We recommend that you upgrade your openexr packages.

    For the detailed security status of openexr please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/openexr

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOUsp1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSfCg/9GD/cedF6yXuvTz4E68wdwJSZD+FVs840/miN6I0VBtvaApLUVZbyHd2w 6SjC0G3qdmG8UkczUM/+YFl6O1D6qfLcr4vtZwqgu6SzG9wiA5CyogE1afe9ff1d bmS7/zv+WZEUUY9oC+px6yLLKOozsiHJlHB1FWcLaYWj+oFGVs83+PU5deErBCXY bbcR0pv+dMAnodhsyCmLr34nyaPfXUzdEI0cdXA63jJm/hOZAlDkUXLddljBCSDt GqhNbGDMdgitgxGgYC0MgduaOjprtzxdIJ7KRv4hLJiQB3P3oC2YyyxtCGFRLtKW X936b8AdGmUjzWeKURogRTuPDaZkO4DRQOZErBrYyxl2tCs4G29b/PQoO/0tPMlM aAH3ccT1FaSg2StM7VmfYaq8Fom7xoDbkEc76+ZSj3E6khhaZpRE2KENm9k042OE 3y4UQXqYhF/8YKE6WLWBrPhj9kYVHXIBFyKuuZlLXkG2rYsa9Mx11MXfNtRto5ml 8GITQNB53z+LwVmuFVwkBN1wLDJdGpEvuvsm2+xwzvyAtKYPDWIavuoWbIgHeMur 7YS8ZGswgyzbDeMx/DsL+9ZGycIddZFddsE8Ag9fBlYrwIs26kBqGN3Zn9ELOVmW /w2jcYgAWV9HRxobpP4i73cmPsg7thBSEseeN5ypNYGZSMNWS50=
    =S4Eq
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)