Joined: 12 May 2004
|Posted: Wed Dec 25, 2013 11:04 am Post subject: [ GLSA 201312-07 ] OpenEXR: Multiple Vulnerabilities
|Gentoo Linux Security Advisory
Title: OpenEXR: Multiple Vulnerabilities (GLSA 201312-07)
Exploitable: local, remote
Date: December 09, 2013
Multiple vulnerabilities have been found in OpenEXR, allowing
remote attackers to execute arbitrary code or cause a Denial of Service
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
Vulnerable: < 1.7.0
Unaffected: >= 1.7.0
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.
A context-dependent attacker could execute arbitrary code or cause a
Denial of Service condition via unspecified vectors.
There is no known workaround at this time.
All OpenEXR users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-1.7.0"
such as revdep-rebuild may assist in identifying some of these packages.
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since December 08, 2010. It is likely that your system is
already no longer affected by this issue.
Last edited by GLSA on Wed Feb 18, 2015 4:32 am; edited 2 times in total