Synopsis

Moderate: libkdcraw security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

• LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)
  
• LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)
  
• LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)
  
• LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)
  
• LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux for Power, little endian 7 ppc64le
• Red Hat Enterprise Linux for ARM 64 7 aarch64
• Red Hat Enterprise Linux for Power 9 7 ppc64le

Fixes

• BZ - 1553332 - CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
• BZ - 1553334 - CVE-2018-5801 LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
• BZ - 1553335 - CVE-2018-5802 LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
• BZ - 1591887 - CVE-2018-5805 LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
• BZ - 1591897 - CVE-2018-5806 LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

CVEs

• CVE-2018-5800
• CVE-2018-5801
• CVE-2018-5802
• CVE-2018-5805
• CVE-2018-5806

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

Red Hat Enterprise Linux Server 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm	SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm	SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm	SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm	SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm	SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm	SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Workstation 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm	SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm	SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm	SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm	SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm	SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm	SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux Desktop 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
x86_64
libkdcraw-4.10.5-5.el7.i686.rpm	SHA-256: 71406d6e08a26c0baf5a87e8f6ec6c54c353a231a387e784c1662f076c7ce5e3
libkdcraw-4.10.5-5.el7.x86_64.rpm	SHA-256: 24f5d9b70dddc2219655dbbb90433f93bebfb71d7ae36f165825d8220bef968e
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm	SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm	SHA-256: ec30fe2dd6470898d502ec125e3f1018dd0b9416a0b946bad227d02b50069019
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm	SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm	SHA-256: 41d1d9af303ed89294d295e6a9818bc46c24ac7ff14e6b5886c23d33a88fe1fb
libkdcraw-devel-4.10.5-5.el7.i686.rpm	SHA-256: caf2690baf5d70fce696b0591ef995fe2f8cc575e8c477c97841dd3f4e5c8350
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm	SHA-256: a10f997d31f4f06e3d8106ad1686a29878e70182bc6b5cfe176b4ef32d2bb646

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm	SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm	SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm	SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3

Red Hat Enterprise Linux for ARM 64 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
aarch64
libkdcraw-4.10.5-5.el7.aarch64.rpm	SHA-256: 7b74ecf71f59cc551aeb312306d61e522ef6fa91485afa0ddb21aa90215b44f7
libkdcraw-4.10.5-5.el7.aarch64.rpm	SHA-256: 7b74ecf71f59cc551aeb312306d61e522ef6fa91485afa0ddb21aa90215b44f7
libkdcraw-4.10.5-5.el7.aarch64.rpm	SHA-256: 7b74ecf71f59cc551aeb312306d61e522ef6fa91485afa0ddb21aa90215b44f7
libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm	SHA-256: cce6ac70dbd07f210b18d04d66c0f11e3ac18979315b2e2185771619e484a75d
libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm	SHA-256: cce6ac70dbd07f210b18d04d66c0f11e3ac18979315b2e2185771619e484a75d
libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm	SHA-256: cce6ac70dbd07f210b18d04d66c0f11e3ac18979315b2e2185771619e484a75d
libkdcraw-devel-4.10.5-5.el7.aarch64.rpm	SHA-256: df528e3ce1759c470ce4ce10bac6e7dd1cee1d27c25272e7b0b0268fdd1b07cb
libkdcraw-devel-4.10.5-5.el7.aarch64.rpm	SHA-256: df528e3ce1759c470ce4ce10bac6e7dd1cee1d27c25272e7b0b0268fdd1b07cb
libkdcraw-devel-4.10.5-5.el7.aarch64.rpm	SHA-256: df528e3ce1759c470ce4ce10bac6e7dd1cee1d27c25272e7b0b0268fdd1b07cb

Red Hat Enterprise Linux for Power 9 7

SRPM
libkdcraw-4.10.5-5.el7.src.rpm	SHA-256: 9859af50fa1a7e1e5905d3948c41bc4dfa6e04926c72c48606c142fd0843687c
ppc64le
libkdcraw-4.10.5-5.el7.ppc64le.rpm	SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-4.10.5-5.el7.ppc64le.rpm	SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-4.10.5-5.el7.ppc64le.rpm	SHA-256: ffba0e301ef0feecebd76df46db7a0c4a47c35bb307ff7726ff3fc994a5ceecc
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm	SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm	SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm	SHA-256: 34f3050549a2879c0b4105f481f52762dd69d7003d00788485068279c9d9cf5c
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm	SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm	SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3
libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm	SHA-256: 75d874ac86d8fbd100f8cb7ef11fd30c67ae3197b64177dfd95ce88d62b88cd3