1.修復的CVE
CVE-2020-16588
Industrial Light And Magic(lim) OpenEXR是美國Industrial Light and Magic(LIM)(Industrial Light And Magic(lim))公司的一種圖像文件格式,適用于高動態范圍(HDR)圖像。
Industrial Light and Magic Academy Software Foundation OpenEXR 2.3.0版本存在安全漏洞,該漏洞源于存在一個空指針遵循問題,可以通過一個制作好的EXR文件導致拒絕服務。
CVE-2020-16589
Industrial Light And Magic(lim) OpenEXR是美國Industrial Light and Magic(LIM)(Industrial Light And Magic(lim))公司的一種圖像文件格式,適用于高動態范圍(HDR)圖像。
Industrial Light and Magic Academy Software Foundation OpenEXR 2.3.0版本存在緩沖區錯誤漏洞,該漏洞源于writeTileData in ImfTiledOutputFile.cpp中存在基于頭的緩沖區溢出,可以通過精心制作的EXR文件導致拒絕服務。
CVE-2020-16587
Industrial Light And Magic(lim) OpenEXR是美國Industrial Light and Magic(LIM)(Industrial Light And Magic(lim))公司的一種圖像文件格式,適用于高動態范圍(HDR)圖像。
Industrial Light And Magic Academy Software Foundation OpenEXR 2.3.0 存在緩沖區錯誤漏洞,該漏洞源于在ImfMultiPartInputFile.cpp的chunkOffsetReconstruction中,存在一個基于堆的緩沖區溢出漏洞,可以通過一個制作好的EXR文件導致拒絕服務。
銀河麒麟桌面操作系統V10 SP1
軟件包:openexr
2.2.0-10kord2.4(V4、V10)
2.3.0-6kylin0.5(V10 SP1)
4.受影響的軟件包
·銀河麒麟操作系統V10桌面版、V4
libopenexr-dev
libopenexr24
openexr
openexr-doc
·銀河麒麟桌面操作系統V10 SP1
libopenexr-dev
libopenexr24
openexr
openexr-doc
打開軟件包源配置文件,根據倉庫地址進行修改。
4.0.2桌面版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2-desktop main restricted universe multiverse
4.0.2-sp1桌面版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse
4.0.2-sp2桌面版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse
4.0.2-sp3桌面版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse
4.0.2-sp4桌面版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse
10.0版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.0 main restricted universe multiverse
10SP1版本:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.1 main restricted universe multiverse
配置完成后執行更新命令進行升級
$sudo apt update
通過軟件包地址下載軟件包,使用軟件包升級命令根據受影響的組件包列表 升級相關的組件包。
$dpkg -i Packagelists
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr-dev_2.2.0-10kord2.4_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr22_2.2.0-10kord2.4_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr-doc_2.2.0-10kord2.4_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr_2.2.0-10kord2.4_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr-dev_2.2.0-10kord2.4_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr22_2.2.0-10kord2.4_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr-doc_2.2.0-10kord2.4_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr_2.2.0-10kord2.4_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr-dev_2.3.0-6kylin0.5_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr24_2.3.0-6kylin0.5_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr-doc_2.3.0-6kylin0.5_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr_2.3.0-6kylin0.5_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr-dev_2.3.0-6kylin0.5_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr24_2.3.0-6kylin0.5_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr-doc_2.3.0-6kylin0.5_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr_2.3.0-6kylin0.5_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr-dev_2.3.0-6kylin0.5_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/libopenexr24_2.3.0-6kylin0.5_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr-doc_2.3.0-6kylin0.5_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/o/openexr/openexr_2.3.0-6kylin0.5_mips64el.deb
