Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678264 (CVE-2019-8396, CVE-2019-8397, CVE-2019-8398) - <sci-libs/hdf5-1.10.5: multiple vulnerabilities
Summary: <sci-libs/hdf5-1.10.5: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-8396, CVE-2019-8397, CVE-2019-8398
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-18 03:00 UTC by D'juan McDonald (domhnall)
Modified: 2019-08-02 00:25 UTC (History)
2 users (show)

See Also:
Package list:
sci-libs/hdf5-1.10.5
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-02-18 03:00:24 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-8396):

"H5O__pline_decode_invalid-read-memory-access"

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4


(https://nvd.nist.gov/vuln/detail/CVE-2019-8397):

"H5T_close_real_invalid-read-memory-access"

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.

Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5


(https://nvd.nist.gov/vuln/detail/CVE-2019-8398):

"H5T_get_size_invalid-read-memory-access"

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Reference: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6




Gentoo Security Padawan
(domhnall)
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-05-18 19:46:16 UTC
@arches, please stabilize.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-05-19 18:07:21 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-05-19 20:33:57 UTC
amd64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2019-05-22 08:13:09 UTC
ia64 stable
Comment 5 Larry the Git Cow gentoo-dev 2019-06-04 07:53:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfbe154ccb9626e3e4fe12077e932062e9cc2446

commit bfbe154ccb9626e3e4fe12077e932062e9cc2446
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-06-04 07:52:21 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-06-04 07:52:36 +0000

    sci-libs/hdf5-1.10.5-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/678264
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 sci-libs/hdf5/hdf5-1.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-04 10:59:41 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-05 07:13:24 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-08 18:16:03 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Andreas Sturmlechner gentoo-dev 2019-06-16 05:45:58 UTC
Incidental cleanup in commit df2c62a10c80eb73d5c12bf143ae1c2c2321d980.