===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.4611
                           hdf5 security update
                              10 August 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           hdf5
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17437 CVE-2018-17434 CVE-2018-17234
                   CVE-2018-17233 CVE-2018-11206 CVE-2018-17237

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html

Comment: CVSS (Max):  8.1 CVE-2018-11206 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
         CVSS Source: NIST
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3522-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
August 09, 2023                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : hdf5
Version        : 1.10.4+repack-10+deb10u1
CVE ID         : CVE-2018-11206 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237
                 CVE-2018-17434 CVE-2018-17437

Multiple security vulnerabilities were discovered in HDF5, a Hierarchical
Data Format and a library for scientific data. Memory leaks, out-of-bounds
reads and division-by-zero errors may lead to a denial of service when
processing a malformed HDF file.

For Debian 10 buster, these problems have been fixed in version
1.10.4+repack-10+deb10u1.

We recommend that you upgrade your hdf5 packages.

For the detailed security status of hdf5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/hdf5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================