Security update for openexr SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:0954-1 Final 1 1 2019-04-16T11:06:03Z current 2019-04-16T11:06:03Z 2019-04-16T11:06:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openexr This update for openexr fixes the following issues: Security issue fixed: - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/lmcache-vllm-openai:0-2019-954,Container containers/open-webui:0-2019-954,Container containers/vllm-openai:0-2019-954,Image ai_15_6-2019-954,SUSE-2019-954,SUSE-SLE-Module-Desktop-Applications-15-2019-954,SUSE-SLE-Module-Development-Tools-OBS-15-2019-954 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20190954-1/ Link for SUSE-SU-2019:0954-1 https://lists.suse.com/pipermail/sle-security-updates/2019-April/005345.html E-Mail link for SUSE-SU-2019:0954-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1113455 SUSE Bug 1113455 https://www.suse.com/security/cve/CVE-2018-18444/ SUSE CVE CVE-2018-18444 page Container containers/lmcache-vllm-openai:0 Container containers/open-webui:0 Container containers/vllm-openai:0 Image ai_15_6 SUSE Linux Enterprise Module for Desktop Applications 15 libIlmImf-2_2-23-2.2.1-3.3.11 libIlmImf-2_2-23-32bit-2.2.1-3.3.11 libIlmImf-2_2-23-64bit-2.2.1-3.3.11 libIlmImfUtil-2_2-23-2.2.1-3.3.11 libIlmImfUtil-2_2-23-32bit-2.2.1-3.3.11 libIlmImfUtil-2_2-23-64bit-2.2.1-3.3.11 openexr-2.2.1-3.3.11 openexr-devel-2.2.1-3.3.11 openexr-doc-2.2.1-3.3.11 libIlmImf-2_2-23-2.2.1-3.3.11 as a component of Container containers/lmcache-vllm-openai:0 libIlmImf-2_2-23-2.2.1-3.3.11 as a component of Container containers/open-webui:0 libIlmImf-2_2-23-2.2.1-3.3.11 as a component of Container containers/vllm-openai:0 libIlmImf-2_2-23-2.2.1-3.3.11 as a component of Image ai_15_6 libIlmImf-2_2-23-2.2.1-3.3.11 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libIlmImfUtil-2_2-23-2.2.1-3.3.11 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 openexr-devel-2.2.1-3.3.11 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. CVE-2018-18444 Container containers/lmcache-vllm-openai:0:libIlmImf-2_2-23-2.2.1-3.3.11 Container containers/open-webui:0:libIlmImf-2_2-23-2.2.1-3.3.11 Container containers/vllm-openai:0:libIlmImf-2_2-23-2.2.1-3.3.11 Image ai_15_6:libIlmImf-2_2-23-2.2.1-3.3.11 SUSE Linux Enterprise Module for Desktop Applications 15:libIlmImf-2_2-23-2.2.1-3.3.11 SUSE Linux Enterprise Module for Desktop Applications 15:libIlmImfUtil-2_2-23-2.2.1-3.3.11 SUSE Linux Enterprise Module for Desktop Applications 15:openexr-devel-2.2.1-3.3.11 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190954-1/ https://www.suse.com/security/cve/CVE-2018-18444.html CVE-2018-18444 https://bugzilla.suse.com/1113455 SUSE Bug 1113455