OpenEXR-1.7.1-8.el7
Errata ID: AXSA:2020-656:02
Release date:
2020/10/09 Friday - 11:55
Subject:
OpenEXR-1.7.1-8.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
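The following issues have been addressed.
[Security Fix]
- OpenEXR's ImfFastHuf.cpp contains a vulnerability that allows an
out-of-bounds read when decoding Huffman-compressed data, as
demonstrated by FastHufDecoder::refill. (CVE-2020-11761)
- OpenEXR contains a vulnerability that allows out-of-bounds reads and
writes on a std::vector, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)
- copyIntoFrameBuffer in OpenEXR's ImfMisc.cpp contains a vulnerability
that allows an out-of-bounds write. (CVE-2020-11764)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.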
CVE:
CVE-2020-11761
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11764
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
Additional information:
N/A
Download:
SRPMS
- OpenEXR-1.7.1-8.el7.src.rpm
MD5: a5b1485cc97dea7f246ac8b9a07bc7fc
SHA-256: 60cbc6af608249f449e83519a7f0dcf0c2164213e061318dbdb78858f64a06b3
Size: 12.93 MB
Asianux Server 7 for x86_64
- OpenEXR-libs-1.7.1-8.el7.x86_64.rpm
MD5: 869c17afa3dd3657e52e3998d588fb60
SHA-256: a4c168ffb4169234c7d6d7d3873a46dea9c9daa5b004bb2b9c757e364cf04890
Size: 216.08 kB
- OpenEXR-libs-1.7.1-8.el7.i686.rpm
MD5: 44aab1a8b92568acae9f6ab3d0a65471
SHA-256: 695c76fcc87c752b7f833d63298ba2edecb7d100af2619fae15e36e444396da6
Size: 221.74 kB