Security update for opencv

Announcement ID:	SUSE-SU-2019:3192-1
Rating:	moderate
References:	bsc#1144348 bsc#1144352 bsc#1149742 bsc#1154091
Cross-References:	CVE-2019-14491 CVE-2019-14492 CVE-2019-15939
CVSS scores:	CVE-2019-14491 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-14491 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2019-14492 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-14492 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-14492 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2019-15939 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-15939 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15939 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Package Hub 15

An update that solves three vulnerabilities and has one security fix can now be installed.

Description:

This update for opencv fixes the following issues:

Security issues fixed:

• CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).
• CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).
• CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).

Non-security issue fixed:

• Fixed an issue in opencv-devel that broke builds with "No rule to make target opencv_calib3d-NOTFOUND" (bsc#1154091).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Package Hub 15
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-3192=1
• SUSE Linux Enterprise Workstation Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-3192=1
• SUSE Linux Enterprise Workstation Extension 15
  zypper in -t patch SUSE-SLE-Product-WE-15-2019-3192=1

Package List:

• SUSE Package Hub 15 (aarch64 ppc64le s390x x86_64)
  • opencv-debugsource-3.3.1-6.6.1
  • python3-opencv-debuginfo-3.3.1-6.6.1
  • python2-opencv-debuginfo-3.3.1-6.6.1
  • python2-opencv-3.3.1-6.6.1
  • python3-opencv-3.3.1-6.6.1
  • opencv-debuginfo-3.3.1-6.6.1
• SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
  • opencv-devel-3.3.1-6.6.1
  • opencv-debugsource-3.3.1-6.6.1
  • libopencv3_3-3.3.1-6.6.1
  • libopencv3_3-debuginfo-3.3.1-6.6.1
  • opencv-3.3.1-6.6.1
  • opencv-debuginfo-3.3.1-6.6.1
• SUSE Linux Enterprise Workstation Extension 15 (x86_64)
  • opencv-devel-3.3.1-6.6.1
  • opencv-debugsource-3.3.1-6.6.1
  • libopencv3_3-3.3.1-6.6.1
  • libopencv3_3-debuginfo-3.3.1-6.6.1
  • opencv-3.3.1-6.6.1
  • opencv-debuginfo-3.3.1-6.6.1

References:

• https://www.suse.com/security/cve/CVE-2019-14491.html
• https://www.suse.com/security/cve/CVE-2019-14492.html
• https://www.suse.com/security/cve/CVE-2019-15939.html
• https://bugzilla.suse.com/show_bug.cgi?id=1144348
• https://bugzilla.suse.com/show_bug.cgi?id=1144352
• https://bugzilla.suse.com/show_bug.cgi?id=1149742
• https://bugzilla.suse.com/show_bug.cgi?id=1154091