Overview
Request 848496 accepted
- Update to version 1.10.7
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt
- Security bugs fixed:
* CVE-2018-13870: heap-based buffer over-read in the function
H5O_link_decode in H5Olink.c (bsc#1101493)
* CVE-2018-13869: memcpy parameter overlap in the function
H5O_link_decode in H5Olink.c (bsc#1101495)
* CVE-2018-17438: A SIGFPE signal is raised in the function
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
library during an attempted parse of a crafted HDF file,
because of incorrect protection against division
(bsc#1109570)
* CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode()
in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows
attackers to cause a denial of service via a crafted HDF5 file.
(bsc#1109567)
- Refresh patches
- Security bugs fixed:
* CVE-2018-17233: A SIGFPE signal is raised in the function
H5D__create_chunk_file_map_hyper. (bsc#1109166)
* CVE-2018-17434: Memory leak in the H5O__chunk_deserialize()
function in H5Ocache.c (bsc#1109167)
* CVE-2018-17437: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real. (bsc#1109168)
- Security bugs fixed:
* CVE-2017-17505: NULL pointer dereference in the function
H5O_pline_decode allowing for DoS via crafted file (bsc#1072087)
* CVE-2017-17506: Out of bounds read in the function
- Created by anag
- In state accepted
-
Package maintainer:
badshah400
Request History
anag created request
- Update to version 1.10.7
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt
- Security bugs fixed:
* CVE-2018-13870: heap-based buffer over-read in the function
H5O_link_decode in H5Olink.c (bsc#1101493)
* CVE-2018-13869: memcpy parameter overlap in the function
H5O_link_decode in H5Olink.c (bsc#1101495)
* CVE-2018-17438: A SIGFPE signal is raised in the function
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
library during an attempted parse of a crafted HDF file,
because of incorrect protection against division
(bsc#1109570)
* CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode()
in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows
attackers to cause a denial of service via a crafted HDF5 file.
(bsc#1109567)
- Refresh patches
- Security bugs fixed:
* CVE-2018-17233: A SIGFPE signal is raised in the function
H5D__create_chunk_file_map_hyper. (bsc#1109166)
* CVE-2018-17434: Memory leak in the H5O__chunk_deserialize()
function in H5Ocache.c (bsc#1109167)
* CVE-2018-17437: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real. (bsc#1109168)
- Security bugs fixed:
* CVE-2017-17505: NULL pointer dereference in the function
H5O_pline_decode allowing for DoS via crafted file (bsc#1072087)
* CVE-2017-17506: Out of bounds read in the function
anag accepted request
