Security update for openexr SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3843-1 Final 1 1 2021-12-01T15:32:18Z current 2021-12-01T15:32:18Z 2021-12-01T15:32:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openexr This update for openexr fixes the following issues: - CVE-2021-3477: Fixed Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). - CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-3843,SUSE-SLE-SDK-12-SP5-2021-3843,SUSE-SLE-SERVER-12-SP5-2021-3843,SUSE-SLE-WE-12-SP5-2021-3843 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213843-1/ Link for SUSE-SU-2021:3843-1 https://lists.suse.com/pipermail/sle-updates/2021-December/020879.html E-Mail link for SUSE-SU-2021:3843-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184353 SUSE Bug 1184353 https://bugzilla.suse.com/1192498 SUSE Bug 1192498 https://bugzilla.suse.com/1192556 SUSE Bug 1192556 https://www.suse.com/security/cve/CVE-2021-3477/ SUSE CVE CVE-2021-3477 page https://www.suse.com/security/cve/CVE-2021-3933/ SUSE CVE CVE-2021-3933 page https://www.suse.com/security/cve/CVE-2021-3941/ SUSE CVE CVE-2021-3941 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 libIlmImf-Imf_2_1-21-2.1.0-6.42.1 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 libIlmImf-Imf_2_1-21-64bit-2.1.0-6.42.1 openexr-2.1.0-6.42.1 openexr-devel-2.1.0-6.42.1 openexr-doc-2.1.0-6.42.1 libIlmImf-Imf_2_1-21-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Server 12 SP5 openexr-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Server 12 SP5 libIlmImf-Imf_2_1-21-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openexr-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openexr-devel-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. CVE-2021-3477 SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.42.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213843-1/ https://www.suse.com/security/cve/CVE-2021-3477.html CVE-2021-3477 https://bugzilla.suse.com/1184353 SUSE Bug 1184353 https://bugzilla.suse.com/1184354 SUSE Bug 1184354 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. CVE-2021-3933 SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.42.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213843-1/ https://www.suse.com/security/cve/CVE-2021-3933.html CVE-2021-3933 https://bugzilla.suse.com/1192498 SUSE Bug 1192498 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. CVE-2021-3941 SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.42.1 SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.42.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213843-1/ https://www.suse.com/security/cve/CVE-2021-3941.html CVE-2021-3941 https://bugzilla.suse.com/1192556 SUSE Bug 1192556