Synopsis:          Moderate: OpenEXR security update
Advisory ID:       SLSA-2020:4039-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2020-11763
                   CVE-2020-11764
                   CVE-2020-11761
--

Security Fix(es):

* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)

* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp
(CVE-2020-11763)

* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in
ImfMisc.cpp (CVE-2020-11764)
--

SL7
  x86_64
    OpenEXR-libs-1.7.1-8.el7.x86_64.rpm
    OpenEXR-libs-1.7.1-8.el7.i686.rpm
    OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm
    OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm
    OpenEXR-1.7.1-8.el7.x86_64.rpm
    OpenEXR-devel-1.7.1-8.el7.i686.rpm
    OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

- Scientific Linux Development Team