Ubuntu Security Notice USN-831-1
14th September, 2009
openexr vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04 LTS
Software description
- openexr
Details
Drew Yao discovered several flaws in the way OpenEXR handled certain
malformed EXR image files. If a user were tricked into opening a crafted
EXR image file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1720, CVE-2009-1721)
It was discovered that OpenEXR did not properly handle certain malformed
EXR image files. If a user were tricked into opening a crafted EXR image
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.04:
  - libopenexr6 1.6.1-3ubuntu1.9.04.1
- Ubuntu 8.10:
  - libopenexr6 1.6.1-3ubuntu1.8.10.1
- Ubuntu 8.04 LTS:
  - libopenexr2ldbl 1.2.2-4.4ubuntu1.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.