[gentoo-announce] [ GLSA 202107-27 ] OpenEXR: Multiple vulnerabilities

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202107-27 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – security.gentoo.org/ – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis ========
Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.
Background ==========
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.
Affected packages =================
——————————————————————- Package / Vulnerable / Unaffected ——————————————————————- 1 media-libs/openexr < 2.5.6 >= 2.5.6
Description ===========
Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.
Impact ======
Please review the referenced CVE identifiers for details.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All OpenEXR users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=media-libs/openexr-2.5.6”
References ==========
[ 1 ] CVE-2020-11758 nvd.nist.gov/vuln/detail/CVE-2020-11758 [ 2 ] CVE-2020-11759 nvd.nist.gov/vuln/detail/CVE-2020-11759 [ 3 ] CVE-2020-11760 nvd.nist.gov/vuln/detail/CVE-2020-11760 [ 4 ] CVE-2020-11761 nvd.nist.gov/vuln/detail/CVE-2020-11761 [ 5 ] CVE-2020-11762 nvd.nist.gov/vuln/detail/CVE-2020-11762 [ 6 ] CVE-2020-11763 nvd.nist.gov/vuln/detail/CVE-2020-11763 [ 7 ] CVE-2020-11764 nvd.nist.gov/vuln/detail/CVE-2020-11764 [ 8 ] CVE-2020-11765 nvd.nist.gov/vuln/detail/CVE-2020-11765 [ 9 ] CVE-2020-15304 nvd.nist.gov/vuln/detail/CVE-2020-15304 [ 10 ] CVE-2020-15305 nvd.nist.gov/vuln/detail/CVE-2020-15305 [ 11 ] CVE-2020-15306 nvd.nist.gov/vuln/detail/CVE-2020-15306 [ 12 ] CVE-2021-20296 nvd.nist.gov/vuln/detail/CVE-2021-20296 [ 13 ] CVE-2021-3474 nvd.nist.gov/vuln/detail/CVE-2021-3474 [ 14 ] CVE-2021-3475 nvd.nist.gov/vuln/detail/CVE-2021-3475 [ 15 ] CVE-2021-3476 nvd.nist.gov/vuln/detail/CVE-2021-3476 [ 16 ] CVE-2021-3477 nvd.nist.gov/vuln/detail/CVE-2021-3477 [ 17 ] CVE-2021-3478 nvd.nist.gov/vuln/detail/CVE-2021-3478 [ 18 ] CVE-2021-3479 nvd.nist.gov/vuln/detail/CVE-2021-3479
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
security.gentoo.org/glsa/202107-27
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users’ machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at bugs.gentoo.org.
License =======
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons – Attribution / Share Alike license.
creativecommons.org/licenses/by-sa/2.5