[SECURITY] [DLA 771-1] hdf5 security update

2016-12-3116:41:35

lists.debian.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Package : hdf5
Version : 1.8.8-9+deb7u1
CVE ID : CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333
Debian Bug : 845301

Cisco Talos discovered that hdf5, a file format and library for
storing scientific data, contained several vulnerabilities that could
lead to arbitrary code execution when handling untrusted data.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.8-9+deb7u1.

We recommend that you upgrade your hdf5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-amd64hdf5-helpers< 1.8.13+docs-15+deb8u1hdf5-helpers_1.8.13+docs-15+deb8u1_kfreebsd-amd64.deb
Debian8arm64libhdf5-openmpi-8< 1.8.13+docs-15+deb8u1libhdf5-openmpi-8_1.8.13+docs-15+deb8u1_arm64.deb
Debian7amd64hdf5-tools< 1.8.8-9+deb7u1hdf5-tools_1.8.8-9+deb7u1_amd64.deb
Debian7armhflibhdf5-7-dbg< 1.8.8-9+deb7u1libhdf5-7-dbg_1.8.8-9+deb7u1_armhf.deb
Debian8kfreebsd-i386libhdf5-mpich-8< 1.8.13+docs-15+deb8u1libhdf5-mpich-8_1.8.13+docs-15+deb8u1_kfreebsd-i386.deb
Debian7armellibhdf5-serial-dev< 1.8.8-9+deb7u1libhdf5-serial-dev_1.8.8-9+deb7u1_armel.deb
Debian7armhflibhdf5-openmpi-dev< 1.8.8-9+deb7u1libhdf5-openmpi-dev_1.8.8-9+deb7u1_armhf.deb
Debian8powerpclibhdf5-openmpi-8-dbg< 1.8.13+docs-15+deb8u1libhdf5-openmpi-8-dbg_1.8.13+docs-15+deb8u1_powerpc.deb
Debian8mipslibhdf5-mpi-dev< 1.8.13+docs-15+deb8u1libhdf5-mpi-dev_1.8.13+docs-15+deb8u1_mips.deb
Debian7armhflibhdf5-mpich2-dev< 1.8.8-9+deb7u1libhdf5-mpich2-dev_1.8.8-9+deb7u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	kfreebsd-amd64	hdf5-helpers	< 1.8.13+docs-15+deb8u1	hdf5-helpers_1.8.13+docs-15+deb8u1_kfreebsd-amd64.deb
Debian	8	arm64	libhdf5-openmpi-8	< 1.8.13+docs-15+deb8u1	libhdf5-openmpi-8_1.8.13+docs-15+deb8u1_arm64.deb
Debian	7	amd64	hdf5-tools	< 1.8.8-9+deb7u1	hdf5-tools_1.8.8-9+deb7u1_amd64.deb
Debian	7	armhf	libhdf5-7-dbg	< 1.8.8-9+deb7u1	libhdf5-7-dbg_1.8.8-9+deb7u1_armhf.deb
Debian	8	kfreebsd-i386	libhdf5-mpich-8	< 1.8.13+docs-15+deb8u1	libhdf5-mpich-8_1.8.13+docs-15+deb8u1_kfreebsd-i386.deb
Debian	7	armel	libhdf5-serial-dev	< 1.8.8-9+deb7u1	libhdf5-serial-dev_1.8.8-9+deb7u1_armel.deb
Debian	7	armhf	libhdf5-openmpi-dev	< 1.8.8-9+deb7u1	libhdf5-openmpi-dev_1.8.8-9+deb7u1_armhf.deb
Debian	8	powerpc	libhdf5-openmpi-8-dbg	< 1.8.13+docs-15+deb8u1	libhdf5-openmpi-8-dbg_1.8.13+docs-15+deb8u1_powerpc.deb
Debian	8	mips	libhdf5-mpi-dev	< 1.8.13+docs-15+deb8u1	libhdf5-mpi-dev_1.8.13+docs-15+deb8u1_mips.deb
Debian	7	armhf	libhdf5-mpich2-dev	< 1.8.8-9+deb7u1	libhdf5-mpich2-dev_1.8.8-9+deb7u1_armhf.deb