Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202107-27 ] OpenEXR: Multiple vulnerabilities
Date: Sun, 11 Jul 2021 02:35:45
Message-Id: YOpX3PViNCypHHmK@sol.nexus.lan
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202107-27
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: OpenEXR: Multiple vulnerabilities
9 Date: July 11, 2021
10 Bugs: #717474, #746794, #762862, #770229, #776808
11 ID: 202107-27
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in OpenEXR, the worst of which
19 could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 OpenEXR is a high dynamic-range (HDR) image file format developed by
25 Industrial Light & Magic for use in computer imaging applications.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-libs/openexr < 2.5.6 >= 2.5.6
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in OpenEXR. Please review
39 the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 Please review the referenced CVE identifiers for details.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All OpenEXR users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2020-11758
63 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
64 [ 2 ] CVE-2020-11759
65 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
66 [ 3 ] CVE-2020-11760
67 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
68 [ 4 ] CVE-2020-11761
69 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
70 [ 5 ] CVE-2020-11762
71 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
72 [ 6 ] CVE-2020-11763
73 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
74 [ 7 ] CVE-2020-11764
75 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
76 [ 8 ] CVE-2020-11765
77 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
78 [ 9 ] CVE-2020-15304
79 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
80 [ 10 ] CVE-2020-15305
81 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
82 [ 11 ] CVE-2020-15306
83 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
84 [ 12 ] CVE-2021-20296
85 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
86 [ 13 ] CVE-2021-3474
87 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
88 [ 14 ] CVE-2021-3475
89 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
90 [ 15 ] CVE-2021-3476
91 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
92 [ 16 ] CVE-2021-3477
93 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
94 [ 17 ] CVE-2021-3478
95 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
96 [ 18 ] CVE-2021-3479
97 https://nvd.nist.gov/vuln/detail/CVE-2021-3479
98
99 Availability
100 ============
101
102 This GLSA and any updates to it are available for viewing at
103 the Gentoo Security Website:
104
105 https://security.gentoo.org/glsa/202107-27
106
107 Concerns?
108 =========
109
110 Security is a primary focus of Gentoo Linux and ensuring the
111 confidentiality and security of our users' machines is of utmost
112 importance to us. Any security concerns should be addressed to
113 security@g.o or alternatively, you may file a bug at
114 https://bugs.gentoo.org.
115
116 License
117 =======
118
119 Copyright 2021 Gentoo Foundation, Inc; referenced text
120 belongs to its owner(s).
121
122 The contents of this document are licensed under the
123 Creative Commons - Attribution / Share Alike license.
124
125 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature