summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
authorDana Robinson <derobins@hdfgroup.org>2018-05-11 23:51:03 (GMT)
committerDana Robinson <derobins@hdfgroup.org>2018-05-11 23:51:03 (GMT)
commit2636f401ba236e99adda4cc50fb89bebbe0b73fd (patch)
tree99452a08724f938b10855b906840bd830d7124e8 /release_docs
parent00f42b152636696f59adb41c527424196c747e2c (diff)
downloadhdf5-2636f401ba236e99adda4cc50fb89bebbe0b73fd.zip
hdf5-2636f401ba236e99adda4cc50fb89bebbe0b73fd.tar.gz
hdf5-2636f401ba236e99adda4cc50fb89bebbe0b73fd.tar.bz2
Moved a fix for HDFFV-10358 (CVE-2017-17509) from develop to 1.8.
This was done manually due to the cache differences between 1.8 and develop.
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt17
1 files changed, 17 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 30b148a..ad06d40 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -209,6 +209,23 @@ Bug Fixes since HDF5-1.8.20
(DER - 2018/02/26, HDFFV-10357)
+ - If an HDF5 file contains a malformed symbol table node that declares
+ it contains more symbols than it actually contains, the library
+ can run off the end of the metadata cache buffer while processing
+ the symbol table node.
+
+ This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+ NOTE: The HDF5 C library cannot produce such a file. This condition
+ should only occur in a corrupt (or deliberately altered) file
+ or a file created by third-party software.
+
+ Performing bounds checks on the buffer while processing fixes the
+ problem. Instead of the segmentation fault, the normal HDF5 error
+ handling is invoked.
+
+ (DER - 2018/03/12, HDFFV-10358)
+
Configuration
-------------
- CMake