Patches are available for the following Talos vulnerabilities in HDF5-1.8 and HDF5-1.10:
CVE-2016-4330: HDF5 bug HDFFV-9992 (TALOS-2016-176) CVE-2016-4331: HDF5 bug HDFFV-9951 (TALOS-2016-177) CVE-2016-4332: HDF5 bug HDFFV-9950 (TALOS-2016-178) CVE-2016-4333: HDF5 bug HDFFV-9993 (TALOS-2016-179) The patches are provided for users who wish to apply them to versions of HDF5 that do not contain fixes for them. The vulnerabilities were corrected in HDF5-1.8.18 and will be in HDF5-1.10.1. The patches can be obtained here: HDF5-1.8 Patch: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/talospatch/hdf51.8-CVE2016.patch HDF5-1.10 Patch: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/talospatch/hdf51.10-CVE2016.patch Please note that the HDF5-1.8 patch was ONLY tested with HDF5-1.8.17 and HDF5-1.8.16. The HDF5-1.10 patch was tested with both HDF5-1.10.0-patch1 and HDF5-1.10.0. To apply the patch on a Unix platform, type the following in the top level source code directory: patch -p0 < [patchfilename]
_______________________________________________ Hdf-forum is for HDF software users discussion. [email protected] http://lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org Twitter: https://twitter.com/hdf5
