Fedora Linux 8811 Published by

A mingw-openexr security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: mingw-openexr-2.5.5-4.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-eca9d3b7fa
2022-02-06 02:01:15.080440
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 34
Version : 2.5.5
Release : 4.fc34
URL :   http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Backport patches for CVE-2021-3933 and CVE-2021-3941.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 28 2022 Sandro Mani - 2.5.5-4
- Backport patches for CVE-2021-3933 and CVE-2021-3941
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2019785 - CVE-2021-3933 mingw-openexr: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2019785
[ 2 ] Bug #2019793 - CVE-2021-3941 mingw-openexr: openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2019793
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-eca9d3b7fa' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________