Red Hat Product Errata RHSA-2018:3065 - Security Advisory
Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3065 - Security Advisory

Synopsis

Moderate: libkdcraw security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

  • LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)
  • LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)
  • LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)
  • LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)
  • LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1553332 - CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
  • BZ - 1553334 - CVE-2018-5801 LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
  • BZ - 1553335 - CVE-2018-5802 LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
  • BZ - 1591887 - CVE-2018-5805 LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
  • BZ - 1591897 - CVE-2018-5806 LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

Red Hat Enterprise Linux Server 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Workstation 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Desktop 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

Red Hat Enterprise Linux for ARM 64 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
aarch64
libkdcraw-4.10.5-5.el7.aarch64.rpm SHA-256: 7b74ecf71f59cc551aeb312306d61e522ef6fa91485afa0ddb21aa90215b44f7
libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm SHA-256: cce6ac70dbd07f210b18d04d66c0f11e3ac18979315b2e2185771619e484a75d
libkdcraw-devel-4.10.5-5.el7.aarch64.rpm SHA-256: df528e3ce1759c470ce4ce10bac6e7dd1cee1d27c25272e7b0b0268fdd1b07cb

Red Hat Enterprise Linux for Power 9 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.