libkdcraw-4.10.5-5.el7

エラータID: AXSA:2018-3381:01

Release date: 
Tuesday, November 6, 2018 - 03:55
Subject: 
libkdcraw-4.10.5-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Libkdcraw is a C interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-5800
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5801
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5802
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5806
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libkdcraw-4.10.5-5.el7.src.rpm
    MD5: ec39c3d074cfa3bcee9e3bbc5224ece0
    SHA-256: 198fa0a0f2f6e4a70ac0574babf0fbb03842a61b267ba3db2ea29846a1d9555d
    Size: 356.43 kB

Asianux Server 7 for x86_64
  1. libkdcraw-4.10.5-5.el7.x86_64.rpm
    MD5: 756a410605378a604e15b762204851e7
    SHA-256: 7877c1d92e98dc9b62d78936b19a75d3feea5483f56472033b1da00a54ef581c
    Size: 118.94 kB
  2. libkdcraw-devel-4.10.5-5.el7.x86_64.rpm
    MD5: a59f7a2d6ad60fb461d9d0b113408691
    SHA-256: 7b9408fe35eeb21a237f5b2f7501d1f12b223bbc6d77993361b533184134d74c
    Size: 20.17 kB
  3. libkdcraw-4.10.5-5.el7.i686.rpm
    MD5: 7fec04042c725ac06cd5ffd10c59b276
    SHA-256: e102cac5ecc22609001df8a569b95c2a0bc687361dab136fd82344f8dd8e55ca
    Size: 120.85 kB
  4. libkdcraw-devel-4.10.5-5.el7.i686.rpm
    MD5: bc9c9424dbabb614da0103d301f870e4
    SHA-256: e4c7a77c62c417796ea519d729f05cece80936a9afa879742f6c0fdb8858ead4
    Size: 20.21 kB