Mageia alert MGASA-2021-0326 (openexr)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2021-0326: Updated openexr packages fix security vulnerabilities | |
| Date: | Sat, 10 Jul 2021 14:58:01 +0200 | |
| Message-ID: | <20210710125801.6572AA0ECA@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2021-0326 - Updated openexr packages fix security vulnerabilities Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0326.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23169, CVE-2021-23215, CVE-2021-26260 Description: Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code (CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23169, CVE-2021-23215, CVE-2021-26260). References: - https://bugs.mageia.org/show_bug.cgi?id=29005 - https://www.openexr.com/ - https://ubuntu.com/security/notices/USN-4900-1 - https://ubuntu.com/security/notices/USN-4996-1 - https://lists.fedoraproject.org/archives/list/package-ann... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... SRPMS: - 8/core/openexr-2.5.7-1.mga8 - 7/core/openexr-2.3.0-2.4.mga7