Patches are available for the following Talos vulnerabilities in HDF5-1.8 and HDF5-1.10:
CVE-2016-4330: HDF5 bug HDFFV-9992 (TALOS-2016-176)
CVE-2016-4331: HDF5 bug HDFFV-9951 (TALOS-2016-177)
CVE-2016-4332: HDF5 bug HDFFV-9950 (TALOS-2016-178)
CVE-2016-4333: HDF5 bug HDFFV-9993 (TALOS-2016-179)
The patches are provided for users who wish to apply them to versions of HDF5 that do not already include the fixes.
The vulnerabilities were corrected in HDF5-1.8.18 and will be in HDF5-1.10.1.
The patches can be obtained here:
HDF5-1.8 Patch: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/talospatch/hdf51.8-CVE2016.patch
HDF5-1.10 Patch: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/talospatch/hdf51.10-CVE2016.patch
Please note that the HDF5-1.8 patch was ONLY tested with HDF5-1.8.17 and HDF5-1.8.16.
The HDF5-1.10 patch was tested with both HDF5-1.10.0-patch1 and HDF5-1.10.0.
To apply the patch on a Unix platform, type the following in the top level source code directory:
patch -p0 < [patchfilename]
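
The script below is an added example, not part of the original notice or of HDF5: it checks that a source tree is one of the versions the patches were tested with, then does a dry run before applying. It assumes the version macros (H5_VERS_MAJOR and so on) are defined in src/H5public.h, that the patch file was downloaded under its original name, and that patch supports --dry-run (GNU patch); all function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the tree's version is defined in src/H5public.h
# through the H5_VERS_MAJOR/_MINOR/_RELEASE/_SUBRELEASE macros.

# Print the version of the source tree rooted at $1, e.g. 1.8.17 or 1.10.0-patch1.
hdf5_tree_version() {
    hdr="$1/src/H5public.h"
    [ -r "$hdr" ] || return 1
    awk '
        $1 == "#define" && $2 == "H5_VERS_MAJOR"      { maj = $3 }
        $1 == "#define" && $2 == "H5_VERS_MINOR"      { min = $3 }
        $1 == "#define" && $2 == "H5_VERS_RELEASE"    { rel = $3 }
        $1 == "#define" && $2 == "H5_VERS_SUBRELEASE" { subrel = $3; gsub(/"/, "", subrel) }
        END {
            if (maj == "" || min == "" || rel == "") exit 1
            v = maj "." min "." rel
            if (subrel != "") v = v "-" subrel
            print v
        }' "$hdr"
}

# Map a version to the patch file tested against it; fail for any other version.
hdf5_patch_for() {
    case "$1" in
        1.8.16|1.8.17)        echo "hdf51.8-CVE2016.patch" ;;
        1.10.0|1.10.0-patch1) echo "hdf51.10-CVE2016.patch" ;;
        *)                    return 1 ;;
    esac
}

# $1 = top level source directory, $2 = absolute directory holding the patch file.
# Returns 3 without touching the tree if the version is not a tested one.
apply_talos_patch() {
    ver=$(hdf5_tree_version "$1") || { echo "cannot read HDF5 version" >&2; return 1; }
    pf=$(hdf5_patch_for "$ver") || { echo "HDF5 $ver: patch not tested" >&2; return 3; }
    ( cd "$1" &&
      patch -p0 --dry-run < "$2/$pf" >/dev/null &&   # every hunk must apply cleanly
      patch -p0 < "$2/$pf" )
}

# Constructed sample input: a minimal tree holding only the version header.
make_sample_tree() {
    mkdir -p "$1/src"
    printf '#define H5_VERS_MAJOR\t%s\n#define H5_VERS_MINOR\t%s\n#define H5_VERS_RELEASE\t%s\n#define H5_VERS_SUBRELEASE "%s"\n' \
        "$2" "$3" "$4" "$5" > "$1/src/H5public.h"
}
```
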