[ubuntu/bionic-updates] openexr 2.2.0-11.1ubuntu1.6 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Apr 1 18:28:42 UTC 2021 

openexr (2.2.0-11.1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: shift overflow in FastHufDecoder
    - debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64
      bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp.
    - CVE-2021-3474
  * SECURITY UPDATE: integer overflow in calculateNumTiles
    - debian/patches/CVE-2021-3475.patch: compute level size with 64 bits
      to avoid overflow in IlmImf/ImfTiledMisc.cpp.
    - CVE-2021-3475
  * SECURITY UPDATE: shift overflows
    - debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode
      detection in IlmImf/ImfB44Compressor.cpp.
    - CVE-2021-3476
  * SECURITY UPDATE: out-of-bounds read via deep tile sample size
    - debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile
      sample table size in IlmImf/ImfDeepTiledInputFile.cpp.
    - CVE-2021-3477
  * SECURITY UPDATE: memory consumption via input file
    - debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for
      scanline files; prevent large chunkoffset allocations in
      IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h, IlmImf/ImfMisc.cpp,
      IlmImf/ImfMultiPartInputFile.cpp, IlmImf/ImfScanLineInputFile.cpp.
    - debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput
      bytesPerLine instead of lineOffset size in
      IlmImf/ImfScanLineInputFile.cpp.
    - CVE-2021-3478
  * SECURITY UPDATE: memory consumption in scanline API
    - debian/patches/CVE-2021-3479-pre1.patch: address issues reported by
      Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp.
    - debian/patches/CVE-2021-3479.patch: more efficient handling of filled
      channels reading tiles with scanline API in IlmImf/ImfInputFile.cpp,
      IlmImfTest/testScanLineApi.cpp.
    - CVE-2021-3479

Date: 2021-04-01 14:10:31.026367+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list