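Vulnerability Details
OpenEXR Multiple Integer Overflow Vulnerabilities
- CNNVD ID: CNNVD-200907-446
- Severity: Medium
- CVE ID: CVE-2009-1720
- Vulnerability type: Numeric error
- Published: 2009-07-31
- Threat type: Remote
- Updated: 2009-08-13
- Vendor: openexr
- Vulnerability source: Drew Yao
Vulnerability Summary
OpenEXR contains multiple integer overflow vulnerabilities that allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows. The vulnerabilities are related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.
Vulnerability Advisory
The vendor has released updates that fix this security issue. Patch download links: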
Debian Linux 5.0 ia-64
Debian libopenexr-dev_1.6.1-3+lenny3_ia64.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_ia64.deb
Debian libopenexr6_1.6.1-3+lenny3_ia64.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_ia64.deb
Debian openexr_1.6.1-3+lenny3_ia64.deb
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_ia64.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.2.2-4.4ubuntu1.1_powerpc.deb
Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr2ldbl_1.2.2-4.4ubuntu1.1_powerpc.deb
Ubuntu openexr_1.2.2-4.4ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.2.2-4.4ubuntu1.1_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu libopenexr-dev_1.6.1-3ubuntu1.8.10.1_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.6.1-3ubuntu1.8.10.1_powerpc.deb
Ubuntu libopenexr6_1.6.1-3ubuntu1.8.10.1_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr6_1.6.1-3ubuntu1.8.10.1_powerpc.deb
Ubuntu openexr_1.6.1-3ubuntu1.8.10.1_powerpc.deb
http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.6.1-3ubuntu1.8.10.1_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.2.2-4.4ubuntu1.1_sparc.deb
Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr2ldbl_1.2.2-4.4ubuntu1.1_sparc.deb
Ubuntu openexr_1.2.2-4.4ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.2.2-4.4ubuntu1.1_sparc.deb
Debian Linux 5.0 alpha
Debian libopenexr-dev_1.6.1-3+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_alpha.deb
Debian libopenexr6_1.6.1-3+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_alpha.deb
Debian openexr_1.6.1-3+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_alpha.deb
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva lib64OpenEXR-devel-1.4.0-3.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva lib64OpenEXR4-1.4.0-3.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva OpenEXR-1.4.0-3.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openexr/libopenexr-dev_1.2.2-4.4ubuntu1.1_amd64.deb
Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openexr/libopenexr2ldbl_1.2.2-4.4ubuntu1.1_amd64.deb
Ubuntu openexr_1.2.2-4.4ubuntu1.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openexr/openexr_1.2.2-4.4ubuntu1.1_amd64.deb
MandrakeSoft Linux Mandrake 2008.0
Mandriva libOpenEXR-devel-1.4.0-3.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libOpenEXR4-1.4.0-3.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva OpenEXR-1.4.0-3.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 mipsel
Debian libopenexr-dev_1.6.1-3+lenny3_mipsel.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mipsel.deb
Debian libopenexr6_1.6.1-3+lenny3_mipsel.deb
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mipsel.deb
Debian openexr_1.6.1-3+lenny3_mipsel.deb
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mipsel.deb
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu libopenexr-dev_1.6.1-3ubuntu1.9.04.1_sparc.deb
http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.6.1-3ubuntu1.9.04.1_sparc.deb
Ubuntu libopenexr6_1.6.1-3ubuntu1.9.04.1_sparc.de
References
Source: US-CERT
Name: TA09-218A
Link: http://www.us-cert.gov/cas/techalerts/TA09-218A.HTML
Source: BID
Name: 35838
Link: http://www.securityfocus.com/bid/35838
Source: DEBIAN
Name: DSA-1842
Link: http://www.debian.org/security/2009/dsa-1842
Source: security.debian.org
Link: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Source: security.debian.org
Link: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Source: release.debian.org
Link: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Source: FEDORA
Name: FEDORA-2009-8136
Link: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.HTML
Source: FEDORA
Name: FEDORA-2009-8132
Link: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.HTML
Source: VUPEN
Name: ADV-2009-2172
Link: http://www.vupen.com/english/advisories/2009/2172
Source: VUPEN
Name: ADV-2009-2035
Link: http://www.vupen.com/english/advisories/2009/2035
Source: SECTRACK
Name: 1022674
Link: http://www.securitytracker.com/id?1022674
Source: MANDRIVA
Name: MDVSA-2009:191
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Source: MANDRIVA
Name: MDVSA-2009:190
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Source: support.Apple.com
Link: http://support.Apple.com/kb/HT3757
Source: SECUNIA
Name: 36123
Link: http://secunia.com/advisories/36123
Source: SECUNIA
Name: 36096
Link: http://secunia.com/advisories/36096
Source: SECUNIA
Name: 36032
Link: http://secunia.com/advisories/36032
Source: SECUNIA
Name: 36030
Link: http://secunia.com/advisories/36030
Source: Apple
Name: Apple-SA-2009-08-05-1
Link: http://lists.Apple.com/archives/security-announce/2009/Aug/msg00001.HTML
Affected Entities
- Openexr Openexr:1.6.1
- Openexr Openexr:1.2.2
Patches
None available