{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"OpenEXR security update", "category":"general", "title":"Synopsis" }, { "text":"An update for OpenEXR is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.\n\nSecurity Fix(es):\n\nAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.(CVE-2021-26260)\n\nAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.(CVE-2021-23215)\n\nA heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.(CVE-2021-23169)", "category":"general", "title":"Description" }, { "text":"An update for OpenEXR is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"OpenEXR", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2021-1238", "category":"self", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1238" }, { "summary":"CVE-2021-26260", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-26260&packageName=OpenEXR" }, { "summary":"CVE-2021-23215", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-23215&packageName=OpenEXR" }, { "summary":"CVE-2021-23169", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-23169&packageName=OpenEXR" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26260" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23215" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23169" }, { "summary":"openEuler-SA-2021-1238 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2021/csaf-openeuler-sa-2021-1238.json" } ], "title":"An update for OpenEXR is now available for openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2021-06-26T09:20:44+08:00", "revision_history":[ { "date":"2021-06-26T09:20:44+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:20:44+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:20:44+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:20:44+08:00", "id":"openEuler-SA-2021-1238", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-devel-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-devel-2.2.0-20.oe1.aarch64.rpm" }, "name":"OpenEXR-devel-2.2.0-20.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-2.2.0-20.oe1.aarch64.rpm" }, "name":"OpenEXR-2.2.0-20.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-libs-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-libs-2.2.0-20.oe1.aarch64.rpm" }, "name":"OpenEXR-libs-2.2.0-20.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-debugsource-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-debugsource-2.2.0-20.oe1.aarch64.rpm" }, "name":"OpenEXR-debugsource-2.2.0-20.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-debuginfo-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-debuginfo-2.2.0-20.oe1.aarch64.rpm" }, "name":"OpenEXR-debuginfo-2.2.0-20.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-2.2.0-20.oe1.src.rpm(20.03-LTS-SP1)", "name":"OpenEXR-2.2.0-20.oe1.src.rpm" }, "name":"OpenEXR-2.2.0-20.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-2.2.0-20.oe1.x86_64.rpm" }, "name":"OpenEXR-2.2.0-20.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-libs-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-libs-2.2.0-20.oe1.x86_64.rpm" }, "name":"OpenEXR-libs-2.2.0-20.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-devel-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-devel-2.2.0-20.oe1.x86_64.rpm" }, "name":"OpenEXR-devel-2.2.0-20.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-debugsource-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-debugsource-2.2.0-20.oe1.x86_64.rpm" }, "name":"OpenEXR-debugsource-2.2.0-20.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"OpenEXR-debuginfo-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"OpenEXR-debuginfo-2.2.0-20.oe1.x86_64.rpm" }, "name":"OpenEXR-debuginfo-2.2.0-20.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-devel-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "name":"OpenEXR-devel-2.2.0-20.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "name":"OpenEXR-2.2.0-20.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-libs-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "name":"OpenEXR-libs-2.2.0-20.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-debugsource-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "name":"OpenEXR-debugsource-2.2.0-20.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-debuginfo-2.2.0-20.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "name":"OpenEXR-debuginfo-2.2.0-20.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-2.2.0-20.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "name":"OpenEXR-2.2.0-20.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "name":"OpenEXR-2.2.0-20.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-libs-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "name":"OpenEXR-libs-2.2.0-20.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-devel-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "name":"OpenEXR-devel-2.2.0-20.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-debugsource-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "name":"OpenEXR-debugsource-2.2.0-20.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"OpenEXR-debuginfo-2.2.0-20.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64", "name":"OpenEXR-debuginfo-2.2.0-20.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2021-26260", "notes":[ { "text":"An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ], "details":"OpenEXR security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1238" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-26260" }, { "cve":"CVE-2021-23215", "notes":[ { "text":"An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ], "details":"OpenEXR security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1238" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-23215" }, { "cve":"CVE-2021-23169", "notes":[ { "text":"A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ], "details":"OpenEXR security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1238" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.aarch64", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.src", "openEuler-20.03-LTS-SP1:OpenEXR-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-libs-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-devel-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debugsource-2.2.0-20.oe1.x86_64", "openEuler-20.03-LTS-SP1:OpenEXR-debuginfo-2.2.0-20.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2021-23169" } ] }