Quantcast

Patches for Talos Vulnerabilities in HDF5

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Patches for Talos Vulnerabilities in HDF5

bljones

Patches are available for the following Talos vulnerabilities in HDF5-1.8 and HDF5-1.10:

 

CVE-2016-4330:  HDF5 bug  HDFFV-9992 (TALOS-2016-176)

CVE-2016-4331:  HDF5 bug  HDFFV-9951 (TALOS-2016-177)

CVE-2016-4332:  HDF5 bug  HDFFV-9950 (TALOS-2016-178)

CVE-2016-4333:  HDF5 bug  HDFFV-9993 (TALOS-2016-179)

 

The patches are provided for users who wish to apply them to versions of HDF5 that do not contain fixes for them.

The vulnerabilities were corrected in HDF5-1.8.18 and will be in HDF5-1.10.1. 

 

The patches can be obtained here:

 

   HDF5-1.8 Patch:   https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/talospatch/hdf51.8-CVE2016.patch

   HDF5-1.10 Patch: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/talospatch/hdf51.10-CVE2016.patch

 

Please note that the HDF5-1.8 patch was ONLY tested with HDF5-1.8.17 and HDF5-1.8.16.

The HDF5-1.10 patch was tested with both HDF5-1.10.0-patch1 and HDF5-1.10.0.

 

To apply the patch on a Unix platform, type the following in the top level source code directory:

 

    patch -p0 < [patchfilename]

 

 

 


_______________________________________________
Hdf-forum is for HDF software users discussion.
[hidden email]
http://lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org
Twitter: https://twitter.com/hdf5
Loading...