[slackware-security] openexr

🗓️ 01 Oct 2017 20:31:10Reported by Slackware Linux ProjectType

slackware

slackware🔗 www.slackware.com👁 44 Views

New openexr package available for Slackware 14.2 and -current to fix security issues

Reporter	Title	Published	Views	Family All 201
FreeBSD	OpenEXR -- multiple remote code execution and denial of service vulnerabilities	12 Jan 201700:00	–	freebsd
AlpineLinux	CVE-2017-9110	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9111	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9112	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9113	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9114	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9115	21 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-9116	21 May 201718:00	–	alpinelinux
BDU FSTEC	The vulnerability of the uncompress function in ImfZip.cpp of the OpenEXR library, which allows a hacker to trigger a service failure	12 Jan 201800:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the operator function in the half.h component of software for storing OpenEXR images, which has a wide dynamic range of brightness levels. This vulnerability arises from the operation exceeding the permissible buffer data size, allowing an attacker to access confidential information or cause system failures.	8 Jul 202100:00	–	bdu_fstec

OS	OS Version	Architecture	Package	Package Version	Filename
Slackware	14.2	i586	openexr	2.2.0	openexr-2.2.0-i586-2_slack14.2.txz
Slackware	14.2	x86_64	openexr	2.2.0	openexr-2.2.0-x86_64-2_slack14.2.txz
Slackware	current	i586	openexr	2.2.0	openexr-2.2.0-i586-2.txz
Slackware	current	x86_64	openexr	2.2.0	openexr-2.2.0-x86_64-2.txz

01 Oct 2017 20:31Current

8.3High risk

Vulners AI Score8.3

CVSS 26.8

CVSS 38.8

EPSS0.0331

openexr slackware 14.2 -current security fix package upgrade cve-2017-9110 cve-2017-9111 cve-2017-9112 program crashes arbitrary code