[Git][security-tracker-team/security-tracker][master] Four CVEs for hdf5 issues fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Thu Dec 6 22:39:14 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dcdd070 by Salvatore Bonaccorso at 2018-12-06T22:31:51Z
Four CVEs for hdf5 issues fixed in unstable

CVE-2017-17505, CVE-2017-17506, CVE-2017-17508 and CVE-2017-17509 are
fixed in upstream release 1.10.2.

https://confluence.hdfgroup.org/display/support/HDF5+1.10.2

And thus included in the 1.10.4+repack-1 upload to unstable.

For CVE-2017-17507 upstream does not plan to fix the bug:

    - If an HDF5 file contains a malformed compound datatype with a
      suitably large offset, the type conversion code can run off
      the end of the type conversion buffer, causing a segmentation
      fault.

      This issue was reported to The HDF Group as issue #CVE-2017-17507.
          https://security-tracker.debian.org/tracker/CVE-2017-17506
          https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506

      NOTE: The HDF5 C library cannot produce such a file. This condition
            should only occur in a corrupt (or deliberately altered) file
            or a file created by third-party software.

      THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME

      Fixing this problem would involve updating the publicly visible
      H5T_conv_t function pointer typedef and versioning the API calls
      which use it. We normally only modify the public API during
      major releases, so this bug will not be fixed at this time.

      (DER - 2018/02/26, HDFFV-10356)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53238,14 +53238,14 @@ CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the
 CVE-2017-17510
 	RESERVED
 CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the ...)
-	- hdf5 <unfixed> (bug #884365)
+	- hdf5 1.10.4+repack-1 (bug #884365)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <no-dsa> (Minor issue)
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
 	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function ...)
-	- hdf5 <unfixed> (bug #884365)
+	- hdf5 1.10.4+repack-1 (bug #884365)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <no-dsa> (Minor issue)
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
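
Review bot: the two changed lines for CVE-2017-17509 and CVE-2017-17508 record 1.10.4+repack-1 as the fixed version, but neither entry gains a NOTE saying the fix landed upstream in 1.10.2, so that fact lives only in the commit message. Consider adding a line such as `NOTE: Fixed upstream in 1.10.2, https://confluence.hdfgroup.org/display/support/HDF5+1.10.2` under each entry; it would also help anyone re-evaluating the [stretch], [jessie] and [wheezy] <no-dsa> lines that stay unchanged here.
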
@@ -53259,14 +53259,14 @@ CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in
 	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
-	- hdf5 <unfixed> (bug #884365)
+	- hdf5 1.10.4+repack-1 (bug #884365)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <no-dsa> (Minor issue)
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
 	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function ...)
-	- hdf5 <unfixed> (bug #884365)
+	- hdf5 1.10.4+repack-1 (bug #884365)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <no-dsa> (Minor issue)
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
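
Review bot: the context lines at the top of this hunk are the tail of the CVE-2017-17507 entry, and nothing is added there, so upstream's decision not to fix that issue is recorded only in the commit message. A NOTE under CVE-2017-17507 citing the upstream reference (HDFFV-10356) and the stated reason (a fix would require changing the public H5T_conv_t typedef) would keep the entry self-explanatory for whoever next triages it.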



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8dcdd070dcff5d9a79cdb7b0cecb712326c25620
