Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0020)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0020

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0020)

Resumen: The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2022-0020 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2022-0020 advisory.

Vulnerability Insight:
OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in
Imf_3_1::LineCompositeTask::execute (called from
IlmThread_3_1::NullThreadPoolProvider::addTask and
IlmThread_3_1::ThreadPool::addGlobalTask). (CVE-2021-45942)

Affected Software/OS:
'openexr' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-45942
Debian Security Information: DSA-5299 (Google Search)
https://www.debian.org/security/2022/dsa-5299
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
https://security.gentoo.org/glsa/202210-31
https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0020
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0020)
Resumen:	The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2022-0020 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2022-0020 advisory. Vulnerability Insight: OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). (CVE-2021-45942) Affected Software/OS: 'openexr' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-45942 Debian Security Information: DSA-5299 (Google Search) https://www.debian.org/security/2022/dsa-5299 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/ https://security.gentoo.org/glsa/202210-31 https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG