Article <FBbcZ-9JNN-1@gated-at.bofh.it>

Deutsch English Français Italiano
<FBbcZ-9JNN-1@gated-at.bofh.it>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!weretis.net!feeder8.news.weretis.net!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod
From: Markus Koschany <apo@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5299-1] openexr security update
Date: Sat, 10 Dec 2022 17:50:01 +0100
Message-ID: <FBbcZ-9JNN-1@gated-at.bofh.it>
X-Original-To: debian-security-announce@lists.debian.org
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Sat Dec 10 16:45:25 2022
Old-Return-Path: <apo@seger.debian.org>
X-Amavis-Spam-Status: No, score=-116.705 tagged_above=-10000 required=5.3
	tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.515,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5,
	PGPSIGNATURE=-5, RCVD_IN_DNSWL_HI=-5, USER_IN_DKIM_WELCOMELIST=-0.01,
	USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no
Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date
	:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	In-Reply-To:References; bh=E1TQpZ3iQ2wtbhyoo5PlJUabtHw+N08DU1u+QpmsxkQ=; b=aj
	QDkRFqvY8c5MS2w5NEGbha0Jb73cKd0jn4EVFEu9w3bJqkGTp1EpgCguOzzxlKBJytT+krUf02Ghm
	st3F23kDw9ZKIVwwSEljEj+A5RDMVnDMEmRIgAj+HxsTuidUn1PYBQFAn4KkNu827940Z6jHPtI4Q
	bj8NjJPykG1TOsVx1fr2RfaXlkcOW353yshQt0HPHN/WNpE65SrAFuLvyDymFpFymZ/l4SL2Wmmds
	x2oZLaPzOchIcI/cbFihbue5ixsA7ks+uX9jtlxFuqi692WiXrl6dFWv2HyhDlrKtOwIJNol0A3es
	rR2R4fQuOWdLMxS5byylpPoM17tW/giw==;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Priority: urgent
X-Debian: PGP check passed for security officers
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4199
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/Y5SzgqwId9geRtt7@seger.debian.org
Approved: robomod@news.nic.it
Lines: 51
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Sat, 10 Dec 2022 16:27:46 +0000
X-Original-Message-ID: <Y5SzgqwId9geRtt7@seger.debian.org>
Bytes: 4861

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5299-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
December 10, 2022                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openexr
CVE ID         : CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941
                 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942
Debian Bug     : 992703 990450 990899 1014828 1014828

Multiple security vulnerabilities have been found in OpenEXR, command-line
tools and a library for the OpenEXR image format. Buffer overflows or
out-of-bound reads could lead to a denial of service (application crash) if a
malformed image file is processed.

For the stable distribution (bullseye), these problems have been fixed in
version 2.5.4-2+deb11u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOUsp1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSfCg/9GD/cedF6yXuvTz4E68wdwJSZD+FVs840/miN6I0VBtvaApLUVZbyHd2w
6SjC0G3qdmG8UkczUM/+YFl6O1D6qfLcr4vtZwqgu6SzG9wiA5CyogE1afe9ff1d
bmS7/zv+WZEUUY9oC+px6yLLKOozsiHJlHB1FWcLaYWj+oFGVs83+PU5deErBCXY
bbcR0pv+dMAnodhsyCmLr34nyaPfXUzdEI0cdXA63jJm/hOZAlDkUXLddljBCSDt
GqhNbGDMdgitgxGgYC0MgduaOjprtzxdIJ7KRv4hLJiQB3P3oC2YyyxtCGFRLtKW
X936b8AdGmUjzWeKURogRTuPDaZkO4DRQOZErBrYyxl2tCs4G29b/PQoO/0tPMlM
aAH3ccT1FaSg2StM7VmfYaq8Fom7xoDbkEc76+ZSj3E6khhaZpRE2KENm9k042OE
3y4UQXqYhF/8YKE6WLWBrPhj9kYVHXIBFyKuuZlLXkG2rYsa9Mx11MXfNtRto5ml
8GITQNB53z+LwVmuFVwkBN1wLDJdGpEvuvsm2+xwzvyAtKYPDWIavuoWbIgHeMur
7YS8ZGswgyzbDeMx/DsL+9ZGycIddZFddsE8Ag9fBlYrwIs26kBqGN3Zn9ELOVmW
/w2jcYgAWV9HRxobpP4i73cmPsg7thBSEseeN5ypNYGZSMNWS50=
=S4Eq
-----END PGP SIGNATURE-----