Fedora Linux 8781 Published by

An OpenImageIO security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: OpenImageIO-2.4.6.1-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fc361cc7b6
2023-01-01 01:37:16.969693
--------------------------------------------------------------------------------

Name : OpenImageIO
Product : Fedora 37
Version : 2.4.6.1
Release : 1.fc37
URL :   https://sites.google.com/site/openimageio/home
Summary : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related
classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and
writing 2D images that is format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,
PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access
truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

* Update to 2.4.6.1, see release notes for details:
  https://github.com/OpenImageIO/oiio/releases * Security fix for
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 22 2022 Richard Shaw - 2.4.6.1-1
- Update to 2.4.6.1.
* Tue Dec 20 2022 Gwyn Ciesla - 2.4.4.2-3
- LibRaw rebuild
* Tue Nov 15 2022 Richard Shaw - 2.4.4.2-2
- Rebuild for yaml-cpp 0.7.0.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2139227 - OpenImageIO-2.4.6.1 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2139227
[ 2 ] Bug #2156029 - CVE-2022-43603 OpenImageIO: denial of service vulnerability [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2156029
[ 3 ] Bug #2156033 - CVE-2022-41981 OpenImageIO: stack-based buffer overflow vulnerability [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2156033
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fc361cc7b6' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________