Security Advisory Details

NS-SA-2021-0149

2021-09-24 11:21:19

Synopsis

moderate: OpenEXR/qt security update

Severity

moderate

Topic

An update for OpenEXR/qt is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenEXR: Headers and libraries for building apps that use OpenEXR.
qt: Private headers for Qt toolkit.


Security Fix(es):
OpenEXR: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)
OpenEXR: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)
OpenEXR: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)
OpenEXR: bugfix
qt: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. (CVE-2020-17507)
qt: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F11B5.

Affected Components

  • OpenEXR
  • qt

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

Source: OpenEXR-1.7.1-8.el7.src.rpm

  • OpenEXR-devel-1.7.1-8.el7.x86_64.rpm
  • OpenEXR-libs-1.7.1-8.el7.x86_64.rpm
  • OpenEXR-1.7.1-8.el7.x86_64.rpm

Source: qt-4.8.7-9.el7_9.src.rpm

  • qt-devel-private-4.8.7-9.el7_9.noarch.rpm
  • qt-devel-4.8.7-9.el7_9.x86_64.rpm
  • qt-demos-4.8.7-9.el7_9.x86_64.rpm
  • qt-mysql-4.8.7-9.el7_9.x86_64.rpm
  • qt-qdbusviewer-4.8.7-9.el7_9.x86_64.rpm
  • qt-x11-4.8.7-9.el7_9.x86_64.rpm
  • qt-4.8.7-9.el7_9.x86_64.rpm
  • qt-doc-4.8.7-9.el7_9.noarch.rpm
  • qt-config-4.8.7-9.el7_9.x86_64.rpm
  • qt-assistant-4.8.7-9.el7_9.x86_64.rpm
  • qt-postgresql-4.8.7-9.el7_9.x86_64.rpm
  • qt-examples-4.8.7-9.el7_9.x86_64.rpm
  • qt-qvfb-4.8.7-9.el7_9.x86_64.rpm
  • qt-odbc-4.8.7-9.el7_9.x86_64.rpm

CGSL CORE 5.05

Source: OpenEXR-1.7.1-8.el7.src.rpm

  • OpenEXR-devel-1.7.1-8.el7.x86_64.rpm
  • OpenEXR-libs-1.7.1-8.el7.x86_64.rpm
  • OpenEXR-1.7.1-8.el7.x86_64.rpm

Source: qt-4.8.7-9.el7_9.src.rpm

  • qt-devel-private-4.8.7-9.el7_9.noarch.rpm
  • qt-devel-4.8.7-9.el7_9.x86_64.rpm
  • qt-demos-4.8.7-9.el7_9.x86_64.rpm
  • qt-mysql-4.8.7-9.el7_9.x86_64.rpm
  • qt-qdbusviewer-4.8.7-9.el7_9.x86_64.rpm
  • qt-x11-4.8.7-9.el7_9.x86_64.rpm
  • qt-4.8.7-9.el7_9.x86_64.rpm
  • qt-doc-4.8.7-9.el7_9.noarch.rpm
  • qt-config-4.8.7-9.el7_9.x86_64.rpm
  • qt-assistant-4.8.7-9.el7_9.x86_64.rpm
  • qt-postgresql-4.8.7-9.el7_9.x86_64.rpm
  • qt-examples-4.8.7-9.el7_9.x86_64.rpm
  • qt-qvfb-4.8.7-9.el7_9.x86_64.rpm
  • qt-odbc-4.8.7-9.el7_9.x86_64.rpm

CVE

References