diff --git a/openexr-CVE-2021-3605.patch b/openexr-CVE-2021-3605.patch
new file mode 100644
index 0000000..4ccd553
--- /dev/null
+++ b/openexr-CVE-2021-3605.patch
@@ -0,0 +1,15 @@
+--- a/OpenEXR/IlmImf/ImfRle.cpp
++++ b/OpenEXR/IlmImf/ImfRle.cpp
+@@ -146,6 +146,11 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
+ if (0 > (maxLength -= count + 1))
+ return 0;
+
++ // check the input buffer is big enough to contain
++ // byte to be duplicated
++ if (inLength < 0)
++ return 0;
++
+ memset(out, *(char*)in, count+1);
+ out += count+1;
+
+
diff --git a/openexr.changes b/openexr.changes
index b749eb3..aa967c4 100644
--- a/openexr.changes
+++ b/openexr.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jun 16 12:28:02 UTC 2021 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
+ + openexr-CVE-2021-3605.patch
+
 -------------------------------------------------------------------
 Tue Jun 15 10:05:14 UTC 2021 - pgajdos@suse.com
diff --git a/openexr.spec b/openexr.spec
index 87d05fb..a729a28 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package openexr
+# spec file
 #
 # Copyright (c) 2021 SUSE LLC
 #
@@ -46,6 +46,8 @@ Source2: baselibs.conf
 Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
 # CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
 Patch2: openexr-CVE-2021-3598.patch
+# CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
+Patch3: openexr-CVE-2021-3605.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: pkgconfig
@@ -226,6 +228,7 @@ Group: System/Libraries
 %setup -q -n %{prjname}-%{version}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 %build
 %if "%{flavor}" == "openexr"
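Review bot: In openexr-CVE-2021-3605.patch, the added `if (inLength < 0) return 0;` before the `memset` only protects the read of `*in` if `inLength` has already been reduced for both the count byte and the value byte. That decrement is outside the hunk, so it should be confirmed against the packaged ImfRle.cpp. rleUncompress starts and ends outside the hunk; if it has a second branch that copies literal bytes from `in`, check that the same input-length test precedes that copy in this version, because the patch touches only the run branch. The patch file also names no upstream origin; a header line such as `# Upstream: <upstream commit URL>` above its `--- a/OpenEXR/IlmImf/ImfRle.cpp` line would let the backport be compared with the upstream fix.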