Debian Security Advisory
DSA-3727-1 hdf5 -- security update
- Date Reported:
- 30 Nov 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 845301.
In Mitre's CVE dictionary: CVE-2016-4330, CVE-2016-4331, CVE-2016-4332, CVE-2016-4333.
- More information:
Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data.
For the stable distribution (jessie), these problems have been fixed in version 1.8.13+docs-15+deb8u1.
For the testing distribution (stretch) and unstable distribution (sid), these problems have been fixed in version 1.10.0-patch1+docs-1.
We recommend that you upgrade your hdf5 packages.