Security Information / 2016 / Security Information -- DSA-3727-1 hdf5

Debian Security Advisory

DSA-3727-1 hdf5 -- security update

Date Reported:

30 Nov 2016

Affected Packages:

hdf5

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 845301.
In Mitre's CVE dictionary: CVE-2016-4330, CVE-2016-4331, CVE-2016-4332, CVE-2016-4333.

More information:

Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data.

For the stable distribution (jessie), these problems have been fixed in version 1.8.13+docs-15+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), these problems have been fixed in version 1.10.0-patch1+docs-1.

We recommend that you upgrade your hdf5 packages.