From d4c4a128904601416fe6b2663ba5e3ef91394c37 Mon Sep 17 00:00:00 2001 From: GLSAMaker Date: Mon, 31 Oct 2022 01:28:08 +0000 Subject: [ GLSA 202210-31 ] OpenEXR: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/787452 Bug: https://bugs.gentoo.org/801373 Bug: https://bugs.gentoo.org/810541 Bug: https://bugs.gentoo.org/817431 Bug: https://bugs.gentoo.org/830384 Bug: https://bugs.gentoo.org/838079 Signed-off-by: GLSAMaker Signed-off-by: John Helmert III --- glsa-202210-31.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 glsa-202210-31.xml diff --git a/glsa-202210-31.xml b/glsa-202210-31.xml new file mode 100644 index 00000000..2c913f0d --- /dev/null +++ b/glsa-202210-31.xml @@ -0,0 +1,53 @@ + + + + OpenEXR: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. + openexr + 2022-10-31 + 2022-10-31 + 838079 + 830384 + 817431 + 810541 + 801373 + 787452 + remote + + + 3.1.5 + 3.1.5 + + + +

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

+
+ +

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenEXR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openexr-3.1.5" + +
+ + CVE-2021-3598 + CVE-2021-3605 + CVE-2021-3933 + CVE-2021-3941 + CVE-2021-20304 + CVE-2021-23169 + CVE-2021-45942 + + ajak + ajak +
\ No newline at end of file -- cgit v1.2.3-65-gdbad