diff options
| author | Egbert Eich <eich@suse.com> | 2022-11-11 06:05:00 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-11 06:05:00 (GMT) |
| commit | 0f94940f1a9ae95de38b70709eb413511b76c73b (patch) | |
| tree | 6ddf84feb36d47b7849b024250dd2cd8321b8b26 /release_docs | |
| parent | 34ec3bb7bc129f52bda4d82601f3bce65426459d (diff) | |
| download | hdf5-0f94940f1a9ae95de38b70709eb413511b76c73b.zip hdf5-0f94940f1a9ae95de38b70709eb413511b76c73b.tar.gz hdf5-0f94940f1a9ae95de38b70709eb413511b76c73b.tar.bz2 | |
H5O_dtype_decode_helper: Parent of enum needs to have same size as enum itself (#2237)
The size of the enumeration values is determined by the size of the parent.
Functions accessing the enumeration values use the size of the enumeration
to determine the size of each element and how much data to copy. Thus the
size of the enumeration and its parent need to match.
Check here to avoid unpleasant surprises later.
This fixes CVE-2018-14031 / Bug #2236.
Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 8e4a3c2..158472c 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -172,19 +172,6 @@ Bug Fixes since HDF5-1.13.3 release =================================== Library ------- - - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx - - Make sure info block for external links has at least 3 bytes. - - According to the specification, the information block for external links - contains 1 byte of version/flag information and two 0 terminated strings - for the object linked to and the full path. - Although not very useful, the minimum string length for each (with - terminating 0) would be one byte. - Checking this helps to avoid SEGVs triggered by bogus files. - - (EFE - 2022/10/09 GH-2233) - - Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf Validate location (offset) of the accumulated metadata when comparing. @@ -199,6 +186,19 @@ Bug Fixes since HDF5-1.13.3 release member in the same structure is true the location is valid. (EFE - 2022/10/10 GH-2230) + + - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx + + Make sure info block for external links has at least 3 bytes. + + According to the specification, the information block for external links + contains 1 byte of version/flag information and two 0 terminated strings + for the object linked to and the full path. + Although not very useful, the minimum string length for each (with + terminating 0) would be one byte. + Checking this helps to avoid SEGVs triggered by bogus files. + + (EFE - 2022/10/09 GH-2233) - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2 @@ -213,6 +213,19 @@ Bug Fixes since HDF5-1.13.3 release (EFE - 2022/10/05 GH-2228) + - Fix CVE-2018-14031 / GHSA-2xc7-724c-r36j + + Parent of enum datatype message must have the same size as the + enum datatype message itself. + Functions accessing the enumeration values use the size of the + enumeration datatype to determine the size of each element and + how much data to copy. + Thus the size of the enumeration and its parent need to match. + Check in H5O_dtype_decode_helper() to avoid unpleasant surprises + later. + + (EFE - 2022/09/28 GH-2236) + - Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7 H5IMget_image_info(): Make sure to not exceed local array size |