Advisories » MGASA-2019-0166

Updated openexr packages fix security vulnerabilities

Publication date: 12 May 2019
Modification date: 12 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18444

Description

Updated openexr package fixes security vulnerabilities:

It was discovered that makeMultiView.cpp in exrmultiview in OpenEXR
2.3.0 has an out-of-bounds write, leading to an assertion failure or
possibly unspecified other impact (CVE-2018-18444).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24759
• https://lists.opensuse.org/opensuse-updates/2019-04/msg00178.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444

SRPMS

6/core

• openexr-2.2.0-10.1.mga6