openSUSE Security Update : openexr (openSUSE-2018-229)
Medium Nessus Plugin ID 107184
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for openexr fixes the following issues :
- CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107)
- CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114)
- CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522)
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected openexr packages.