testing

usd-26.03-3.fc44

FEDORA-2026-502486fc61 created by music 2 days ago for Fedora 44

Backport several OpenEXRCore security fixes

  • Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes #2455493
  • Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes #2455534
  • Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes #2455505
  • Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes #2455501
  • Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes #2455497

Backport fix for CVE-2026-34544 in OpenEXRCore

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-502486fc61

This update has been submitted for testing by music.

2 days ago

This update's test gating status has been changed to 'ignored'.

2 days ago

This update has obsoleted usd-26.03-2.fc44, and has inherited its bugs and notes.

2 days ago

This update has been pushed to testing.

2 days ago

Please log in to add feedback.

Frozen release
This update will not be pushed to stable until freeze is lifted from Fedora 44.
Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Thresholds
Minimum Karma
+1
Minimum Testing
7 days
Dates
submitted
2 days ago
in testing
2 days ago
days to stable
5
Builds
1
usd-26.03-3.fc44
BZ#2454226 CVE-2026-34544 usd: OpenEXR: Memory corruption and Denial of Service via crafted EXR file processing [fedora-all]
0
0
BZ#2455493 CVE-2026-34378 usd: OpenEXR: Denial of Service via crafted EXR file integer overflow [fedora-all]
0
0
BZ#2455497 CVE-2026-34379 usd: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]
0
0
BZ#2455501 CVE-2026-34589 usd: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service [fedora-all]
0
0
BZ#2455505 CVE-2026-34588 usd: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]
0
0
BZ#2455534 CVE-2026-34380 usd: OpenEXR: Denial of Service due to signed integer overflow in image decoding [fedora-all]
0
0
usd-26.03-3.fc44

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-21-9kdk4.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy