stable

usd-26.03-3.fc45

FEDORA-2026-c0f8cde7ad created by music a month ago for Fedora 45

Automatic update for usd-26.03-3.fc45.

Changelog
* Wed Apr  8 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-3
- Backport several OpenEXRCore security fixes
- Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493
- Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534
- Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505
- Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501
- Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497

This update was automatically created

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been submitted for stable by bodhi

a month ago

Please log in to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
0 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
approved
a month ago
Builds
1
usd-26.03-3.fc45
BZ#2455493 CVE-2026-34378 usd: OpenEXR: Denial of Service via crafted EXR file integer overflow [fedora-all]
0
0
BZ#2455497 CVE-2026-34379 usd: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]
0
0
BZ#2455501 CVE-2026-34589 usd: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service [fedora-all]
0
0
BZ#2455505 CVE-2026-34588 usd: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]
0
0
BZ#2455534 CVE-2026-34380 usd: OpenEXR: Denial of Service due to signed integer overflow in image decoding [fedora-all]
0
0
usd-26.03-3.fc45

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-79764b86cc-6m5q2.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy