SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1875

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1875

Security update for opencv

Type: security

Severity: moderate

Issued: 2020-07-08

Description:

This update for opencv fixes the following issues:

Security issues fixed:

- CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).
- CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).
- CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).

Non-security issue fixed:

- Fixed an issue in opencv-devel that broke builds with "No rule to make target opencv_calib3d-NOTFOUND" (bsc#1154091).

References

CVE: CVE-2019-15939
CVE: CVE-2019-14492
CVE: CVE-2019-14491
Bugzilla: 1154091 opencv-devel is broken with "No rule to make target 'opencv_calib3d-NOTFOUND"
Bugzilla: 1149742 VUL-1: CVE-2019-15939: opencv: divide-by-zero error in cv:HOGDescriptor:getDescriptorSize in modules/objdetect/src/hog.cpp
Bugzilla: 1144352 VUL-1: CVE-2019-14491: opencv: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS
Bugzilla: 1144348 VUL-1: CVE-2019-14492: opencv: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service

Packages

opencv-3.3.1-6.6.1