libkdcraw-4.10.5-5.el7
Errata ID: AXSA:2018-3381:01
Libkdcraw is a C interface around the LibRaw library used to decode RAW picture files.
Security Fix(es):
* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)
* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)
* LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)
* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)
* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.
CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
Update packages.
CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5805: A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5806: An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
SRPMS
- libkdcraw-4.10.5-5.el7.src.rpm
MD5: ec39c3d074cfa3bcee9e3bbc5224ece0
SHA-256: 198fa0a0f2f6e4a70ac0574babf0fbb03842a61b267ba3db2ea29846a1d9555d
Size: 356.43 kB
Asianux Server 7 for x86_64
- libkdcraw-4.10.5-5.el7.x86_64.rpm
MD5: 756a410605378a604e15b762204851e7
SHA-256: 7877c1d92e98dc9b62d78936b19a75d3feea5483f56472033b1da00a54ef581c
Size: 118.94 kB
- libkdcraw-devel-4.10.5-5.el7.x86_64.rpm
MD5: a59f7a2d6ad60fb461d9d0b113408691
SHA-256: 7b9408fe35eeb21a237f5b2f7501d1f12b223bbc6d77993361b533184134d74c
Size: 20.17 kB
- libkdcraw-4.10.5-5.el7.i686.rpm
MD5: 7fec04042c725ac06cd5ffd10c59b276
SHA-256: e102cac5ecc22609001df8a569b95c2a0bc687361dab136fd82344f8dd8e55ca
Size: 120.85 kB
- libkdcraw-devel-4.10.5-5.el7.i686.rpm
MD5: bc9c9424dbabb614da0103d301f870e4
SHA-256: e4c7a77c62c417796ea519d729f05cece80936a9afa879742f6c0fdb8858ead4
Size: 20.21 kB