Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2018:3065 - Security Advisory
Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3065 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: libkdcraw security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

  • LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)
  • LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)
  • LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)
  • LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)
  • LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le

Fixes

  • BZ - 1553332 - CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
  • BZ - 1553334 - CVE-2018-5801 LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
  • BZ - 1553335 - CVE-2018-5802 LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
  • BZ - 1591887 - CVE-2018-5805 LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
  • BZ - 1591897 - CVE-2018-5806 LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

CVEs

  • CVE-2018-5800
  • CVE-2018-5801
  • CVE-2018-5802
  • CVE-2018-5805
  • CVE-2018-5806

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Workstation 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Desktop 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

Red Hat Enterprise Linux for ARM 64 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
aarch64
libkdcraw-4.10.5-5.el7.aarch64.rpm SHA-256: 7b74ecf71f59cc551aeb312306d61e522ef6fa91485afa0ddb21aa90215b44f7
libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm SHA-256: cce6ac70dbd07f210b18d04d66c0f11e3ac18979315b2e2185771619e484a75d
libkdcraw-devel-4.10.5-5.el7.aarch64.rpm SHA-256: df528e3ce1759c470ce4ce10bac6e7dd1cee1d27c25272e7b0b0268fdd1b07cb

Red Hat Enterprise Linux for Power 9 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter