Security update for opencv SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2671-1 Final 1 1 2019-12-11T09:15:03Z current 2019-12-11T09:15:03Z 2019-12-11T09:15:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opencv This update for opencv fixes the following issues: Security issues fixed: - CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352). - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348). - CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742). Non-security issue fixed: - Fixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2671 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB/#JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB E-Mail link for openSUSE-SU-2019:2671-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1144348 SUSE Bug 1144348 https://bugzilla.suse.com/1144352 SUSE Bug 1144352 https://bugzilla.suse.com/1149742 SUSE Bug 1149742 https://bugzilla.suse.com/1154091 SUSE Bug 1154091 https://www.suse.com/security/cve/CVE-2019-14491/ SUSE CVE CVE-2019-14491 page https://www.suse.com/security/cve/CVE-2019-14492/ SUSE CVE CVE-2019-14492 page https://www.suse.com/security/cve/CVE-2019-15939/ SUSE CVE CVE-2019-15939 page openSUSE Leap 15.1 libopencv3_3-3.3.1-lp151.6.3.1 opencv-3.3.1-lp151.6.3.1 opencv-devel-3.3.1-lp151.6.3.1 opencv-doc-3.3.1-lp151.6.3.1 python2-opencv-3.3.1-lp151.6.3.1 python3-opencv-3.3.1-lp151.6.3.1 libopencv3_3-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 opencv-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 opencv-devel-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 opencv-doc-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 python2-opencv-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 python3-opencv-3.3.1-lp151.6.3.1 as a component of openSUSE Leap 15.1 An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. CVE-2019-14491 openSUSE Leap 15.1:libopencv3_3-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-devel-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-doc-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python2-opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python3-opencv-3.3.1-lp151.6.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB/#JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB https://www.suse.com/security/cve/CVE-2019-14491.html CVE-2019-14491 https://bugzilla.suse.com/1144348 SUSE Bug 1144348 https://bugzilla.suse.com/1144352 SUSE Bug 1144352 An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. CVE-2019-14492 openSUSE Leap 15.1:libopencv3_3-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-devel-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-doc-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python2-opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python3-opencv-3.3.1-lp151.6.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB/#JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB https://www.suse.com/security/cve/CVE-2019-14492.html CVE-2019-14492 https://bugzilla.suse.com/1144348 SUSE Bug 1144348 https://bugzilla.suse.com/1144352 SUSE Bug 1144352 An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. CVE-2019-15939 openSUSE Leap 15.1:libopencv3_3-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-devel-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:opencv-doc-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python2-opencv-3.3.1-lp151.6.3.1 openSUSE Leap 15.1:python3-opencv-3.3.1-lp151.6.3.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB/#JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB https://www.suse.com/security/cve/CVE-2019-15939.html CVE-2019-15939 https://bugzilla.suse.com/1149742 SUSE Bug 1149742