===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.4611
                           hdf5 security update
                              10 August 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           hdf5
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17437 CVE-2018-17434 CVE-2018-17234
                   CVE-2018-17233 CVE-2018-11206 CVE-2018-1723

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html

Comment: CVSS (Max):  8.1 CVE-2018-11206 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
         CVSS Source: NIST
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3522-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
August 09, 2023                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : hdf5
Version        : 1.10.4+repack-10+deb10u1
CVE ID         : CVE-2018-11206 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237
                 CVE-2018-17434 CVE-2018-17437

Multiple security vulnerabilities were discovered in HDF5, a Hierarchical
Data Format and a library for scientific data. Memory leaks, out-of-bound
reads and division by zero errors may lead to a denial of service when
processing a malformed HDF file.

For Debian 10 buster, these problems have been fixed in version
1.10.4+repack-10+deb10u1.

We recommend that you upgrade your hdf5 packages.

For the detailed security status of hdf5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/hdf5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================