Fedora has issued an advisory on November 22: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning globally, CC Shlomi as last maintainer.
CC: (none) => shlomif
Assignee: bugsquad => pkg-bugs
Fedora backported the patch to fix it in this commit: https://src.fedoraproject.org/rpms/mingw-ilmbase/c/905f2935dff088314a956b6decde908f07aa2f23?branch=f31 I believe it's also fixed in 2.4.0.
Status comment: (none) => Patch available from Fedora
Suggested advisory:
========================
The updated packages fix a security vulnerability:
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. (CVE-2018-18443)
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18443
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5/
========================
Updated packages in core/updates_testing:
========================
lib(64)ilmbase24-2.3.0-1.1.mga7
lib(64)ilmbase-devel-2.3.0-1.1.mga7
from SRPMS:
ilmbase-2.3.0-1.1.mga7.src.rpm
Version: Cauldron => 7
Assignee: pkg-bugs => qa-bugs
Status comment: Patch available from Fedora => (none)
Status: NEW => ASSIGNED
Whiteboard: MGA7TOO => (none)
CVE: (none) => CVE-2018-18443
CC: (none) => nicolas.salguero
MGA7-64 Plasma on Lenovo B50
No installation issues.
At CLI:
# urpmq --whatrequires lib64ilmbase24
blender
blender2.8
calligra-core
darktable
darktable
gimp
gimp
and a lot more.
Used strace for gimp and opened metadata in gimp of a jpg file; trace shows a.o.
openat(AT_FDCWD, "/lib64/libIlmThread-2_3.so.24", O_RDONLY|O_CLOEXEC) = 4
which is one of the components of this package.
Worked OK.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0114.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED