Bug 7558

Summary: hdf5 security vulnerability CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: andrey.bondrov, denis.silakov, v.potapov
Version: FreshFlags: v.potapov: qa_verified+
andrey.bondrov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.linuxsecurity.com/content/view/169988/170/
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: hdf5 ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2016-12-01 03:28:01 MSK 
Cisco Talos discovered that hdf5, a file format and library for
storing scientific data, contained several vulnerabilities that could
lead to arbitrary code execution when handling untrusted data.
Comment 1 Zombie Ryushu 2016-12-30 03:31:25 MSK 
In the HDF5 1.8.16 library's failure to check if the number of
dimensions  for an array read from the file is within the bounds of the
space allocated for it, a heap-based buffer overflow will occur,
potentially leading to arbitrary code execution (CVE-2016-4330).

When decoding data out of a dataset encoded with the H5Z_NBIT decoding,
the HDF5 1.8.16 library will fail to ensure that the precision is within
the bounds of the size leading to arbitrary code execution
(CVE-2016-4331).

The library's failure to check if certain message types support a
particular flag, the HDF5 1.8.16 library will cast the structure to an
alternative structure and then assign to fields that aren't supported by
the message type and the library will write outside the bounds of the
heap buffer. This can lead to code execution under the context of the
library (CVE-2016-4332).

The HDF5 1.8.16 library allocating space for the array using a value
from the file has an impact within the loop for initializing said array
allowing a value within the file to modify the loop's terminator. Due to
this, an aggressor can cause the loop's index to point outside the
bounds of the array when initializing it (CVE-2016-4333).

https://advisories.mageia.org/MGASA-2016-0425.html
Comment 2 Denis Silakov 2018-03-11 18:07:21 MSK 
Advisory:
Added patches for CVE-2016-433[0-3] to hdf5.

Build lists:
https://abf.io/build_lists/2921707
https://abf.io/build_lists/2921708
Comment 3 Vladimir Potapov 2018-04-05 18:05:50 MSK 
The update is sent to expanded testing
*****************************************
Comment 4 Vladimir Potapov 2018-04-10 10:16:12 MSK 
hdf5-1.8.13-6
https://abf.io/build_lists/2921707
https://abf.io/build_lists/2921708
************************************** Advisory ************************
Added patches for CVE-2016-433[0-3] to hdf5.

************************************************************************
QA Verified