Fedora Linux 8492 Published by

An OpenImageIO security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: OpenImageIO-2.4.8.1-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-c3d65c8f7b
2023-02-22 10:10:35.978996
--------------------------------------------------------------------------------

Name : OpenImageIO
Product : Fedora 37
Version : 2.4.8.1
Release : 1.fc37
URL :   https://sites.google.com/site/openimageio/home
Summary : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related
classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and
writing 2D images that is format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,
PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access
truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

Release 2.4.8.1 (13 Feb 2023) -- compared to 2.4.8.0 * Fix(targa): guard
against corrupted tga files Fixes TALOS-2023-1707 / CVE-2023-24473,
TALOS-2023-1708 / CVE-2023-22845. #3768 * Fix: race condition in TIFF reader,
fixes TALOS-2023-1709 / CVE-2023-24472. * Windows: Fix unresolved external
symbol for MSVS 2017 #3763 * Fix: Initialize OpenEXROutput::m_levelmode in
init(). #3764 * Fix: improve thread safety for concurrent tiff loads. #3767 *
Fix(fits): Make sure to close if open fails to find right magic number.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 14 2023 Richard Shaw - 2.4.8.1-1
- Update to 2.4.8.1.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c3d65c8f7b' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________