113
openexr vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 20.04 LTS
* Ubuntu 19.10
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS

Summary

OpenEXR could be made to crash or run programs if it opened a
specially crafted file.

Software Description

* openexr - tools for the OpenEXR image format

Details

It was discovered that OpenEXR incorrectly handled certain
malformed EXR image files. If a user were tricked into opening a
crafted EXR image file, a remote attacker could cause a denial of
service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 20.04 LTS
libopenexr24 - 2.3.0-6ubuntu0.2
openexr - 2.3.0-6ubuntu0.2

Ubuntu 19.10
libopenexr23 - 2.2.1-4.1ubuntu1.2
openexr - 2.2.1-4.1ubuntu1.2

Ubuntu 18.04 LTS
libopenexr22 - 2.2.0-11.1ubuntu1.3
openexr - 2.2.0-11.1ubuntu1.3

Ubuntu 16.04 LTS
libopenexr22 - 2.2.0-10ubuntu2.3
openexr - 2.2.0-10ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.

References

* CVE-2020-15305
* CVE-2020-15306

--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)