SCIENTIFIC-LINUX-ERRATA Archives

November 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: libkdcraw on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 26 Nov 2018 18:21:15 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Synopsis:          Moderate: libkdcraw security update
Advisory ID:       SLSA-2018:3065-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-5800
                   CVE-2018-5801
                   CVE-2018-5802
                   CVE-2018-5805
                   CVE-2018-5806
--

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function
in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw
function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function
src/libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function
internal/dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in
internal/dcraw_common.cpp (CVE-2018-5806)
--

SL7
  x86_64
    libkdcraw-4.10.5-5.el7.i686.rpm
    libkdcraw-4.10.5-5.el7.x86_64.rpm
    libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm
    libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm
    libkdcraw-devel-4.10.5-5.el7.i686.rpm
    libkdcraw-devel-4.10.5-5.el7.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2