(https://nvd.nist.gov/vuln/detail/CVE-2019-8396): "H5O__pline_decode_invalid-read-memory-access" A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4 (https://nvd.nist.gov/vuln/detail/CVE-2019-8397): "H5T_close_real_invalid-read-memory-access" An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5 (https://nvd.nist.gov/vuln/detail/CVE-2019-8398): "H5T_get_size_invalid-read-memory-access" An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6 Gentoo Security Padawan (domhnall)
@arches, please stabilize.
x86 stable
amd64 stable
ia64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfbe154ccb9626e3e4fe12077e932062e9cc2446 commit bfbe154ccb9626e3e4fe12077e932062e9cc2446 Author: Tobias Klausmann <klausman@gentoo.org> AuthorDate: 2019-06-04 07:52:21 +0000 Commit: Tobias Klausmann <klausman@gentoo.org> CommitDate: 2019-06-04 07:52:36 +0000 sci-libs/hdf5-1.10.5-r0: alpha stable Bug: http://bugs.gentoo.org/678264 Signed-off-by: Tobias Klausmann <klausman@gentoo.org> sci-libs/hdf5/hdf5-1.10.5.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
ppc64 stable
ppc stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Incidental cleanup in commit df2c62a10c80eb73d5c12bf143ae1c2c2321d980.
