• OpenEXR vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Mon Apr 27 16:10:03 2020
    openexr vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in OpenEXR.

    Software Description

    * openexr - tools for the OpenEXR image format

    Details

    Brandon Perry discovered that OpenEXR incorrectly handled certain
    malformed EXR image files. If a user were tricked into opening a
    crafted EXR image file, a remote attacker could cause a denial of
    service, or possibly execute arbitrary code. This issue only
    applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113,
    CVE-2017-9115)

    Tan Jie discovered that OpenEXR incorrectly handled certain
    malformed EXR image files. If a user were tricked into opening a
    crafted EXR image file, a remote attacker could cause a denial of
    service, or possibly execute arbitrary code. This issue only
    applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

    Samuel Gro** discovered that OpenEXR incorrectly handled certain
    malformed EXR image files. If a user were tricked into opening a
    crafted EXR image file, a remote attacker could cause a denial of
    service, or possibly execute arbitrary code. (CVE-2020-11758,
    CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762,
    CVE-2020-11763, CVE-2020-11764)

    It was discovered that OpenEXR incorrectly handled certain
    malformed EXR image files. If a user were tricked into opening a
    crafted EXR image file, a remote attacker could cause a denial of
    service. (CVE-2020-11765)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04
    libopenexr24 - 2.3.0-6ubuntu0.1
    openexr - 2.3.0-6ubuntu0.1

    Ubuntu 19.10
    libopenexr23 - 2.2.1-4.1ubuntu1.1
    openexr - 2.2.1-4.1ubuntu1.1

    Ubuntu 18.04 LTS
    libopenexr22 - 2.2.0-11.1ubuntu1.2
    openexr - 2.2.0-11.1ubuntu1.2

    Ubuntu 16.04 LTS
    libopenexr22 - 2.2.0-10ubuntu2.2
    openexr - 2.2.0-10ubuntu2.2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2017-9111
    * CVE-2017-9113
    * CVE-2017-9115
    * CVE-2018-18444
    * CVE-2020-11758
    * CVE-2020-11759
    * CVE-2020-11760
    * CVE-2020-11761
    * CVE-2020-11762
    * CVE-2020-11763
    * CVE-2020-11764
    * CVE-2020-11765

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Mon Jul 6 20:10:09 2020
    openexr vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    OpenEXR could be made to crash or run programs if it opened a
    specially crafted file.

    Software Description

    * openexr - tools for the OpenEXR image format

    Details

    It was discovered that OpenEXR incorrectly handled certain
    malformed EXR image files. If a user were tricked into opening a
    crafted EXR image file, a remote attacker could cause a denial of
    service, or possibly execute arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libopenexr24 - 2.3.0-6ubuntu0.2
    openexr - 2.3.0-6ubuntu0.2

    Ubuntu 19.10
    libopenexr23 - 2.2.1-4.1ubuntu1.2
    openexr - 2.2.1-4.1ubuntu1.2

    Ubuntu 18.04 LTS
    libopenexr22 - 2.2.0-11.1ubuntu1.3
    openexr - 2.2.0-11.1ubuntu1.3

    Ubuntu 16.04 LTS
    libopenexr22 - 2.2.0-10ubuntu2.3
    openexr - 2.2.0-10ubuntu2.3

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-15305
    * CVE-2020-15306

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)