SUSE-SU-2024:0882-1: moderate: Security update for hdf5

SLE-SECURITY-UPDATES null at suse.de
Mon Aug 19 12:42:07 UTC 2024



# Security update for hdf5

Announcement ID: SUSE-SU-2024:0882-1  
Rating: moderate  
References:

  * bsc#1011205
  * bsc#1093641
  * bsc#1125882
  * bsc#1167400
  * bsc#1207973
  * bsc#1209548
  * bsc#133222
  * jsc#PED-7816

  
Cross-References:

  * CVE-2016-4332
  * CVE-2018-11202
  * CVE-2019-8396
  * CVE-2020-10812
  * CVE-2021-37501

  
CVSS scores:

  * CVE-2016-4332 ( NVD ):  8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2018-11202 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-11202 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2019-8396 ( SUSE ):  3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2019-8396 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2020-10812 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2020-10812 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2021-37501 ( SUSE ):  6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  * CVE-2021-37501 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * HPC Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for hdf5 fixes the following issues:

Updated to version 1.10.11

  * Changed the error handling for a path that is not found during the plugin
    search process.
  * Fixed CVE-2018-11202: a malformed file could result in chunk index memory
    leaks.
  * Fixed a file space allocation bug in the parallel library for chunked
    datasets.
  * Fixed an assertion failure in Parallel HDF5 when a file can't be created due
    to an invalid library version bounds setting.
  * Fixed an assertion in a previous fix for CVE-2016-4332.
  * Fixed segfault on file close in h5debug which fails with a core dump on a
    file that has an illegal file size in its cache image. Fixes HDFFV-11052,
    CVE-2020-10812.
  * Fixed memory leaks that could occur when reading a dataset from a malformed
    file.
  * Fixed a bug in H5Ocopy that could generate invalid HDF5 files.
  * Fixed potential heap buffer overflow in decoding of link info message.
  * Fixed potential buffer overrun issues in some object header decode routines.
  * Fixed a heap buffer overflow that occurs when reading from a dataset with a
    compact layout within a malformed HDF5 file.
  * Fixed CVE-2019-8396: malformed HDF5 files where content does not match
    expected size.
  * Fixed memory leak when running h5dump with a proof-of-vulnerability file.
  * Added option --no-compact-subset to h5diff.

Fixes since 1.10.10:

  * Fixed memory corruption when reading from a dataset using a hyperslab
    selection in the file dataspace and a point selection in the memory dataspace.
  * Fixed CVE-2021-37501.
  * Fixed an issue with variable length attributes.
  * Fixed an issue with hyperslab selections where an incorrect combined
    selection was produced.
  * Fixed an issue with attribute type conversion with compound datatypes.
  * Modified H5Fstart_swmr_write() to preserve DAPL properties.
  * Converted an assertion on (possibly corrupt) file contents to a normal error
    check.
  * Fixed memory leak with variable-length fill value in H5O_fill_convert().
  * Fixed h5repack to only print output when the verbose option is selected.

Fixes since 1.10.9:

  * Several improvements to parallel compression feature, including:
    * Improved support for collective I/O (for both writes and reads).
    * Reduction of copying of application data buffers passed to H5Dwrite.
    * Addition of support for incremental file space allocation for filtered datasets created in parallel.
    * Addition of support for HDF5's "don't filter partial edge chunks" flag.
    * Addition of proper support for HDF5 fill values with the feature.
    * Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available.
    * Addition of simple examples.
  * Added an optional verbose value to h5repack for reporting R/W timing.
  * Fixed a metadata cache bug when resizing a pinned/protected cache entry.
  * Fixed a problem with the H5_VERS_RELEASE check in the H5check_version
    function.
  * Unified handling of collective metadata reads to correctly fix old bugs.
  * Fixed several potential MPI deadlocks in library failure conditions.
  * Fixed an issue with collective metadata reads being permanently disabled
    after a dataset chunk lookup operation.

  * Remove timestamp/buildhost/kernel version from libhdf5.settings
    (bsc#1209548).

  * Set higher constraints for successful mpich tests (bsc#133222).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * HPC Module 12  
    `zypper in -t patch SUSE-SLE-Module-HPC-12-2024-882=1`

## Package List:

  * HPC Module 12 (noarch)
    * hdf5-gnu-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
  * HPC Module 12 (aarch64 x86_64)
    * libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-module-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.21.1
    * libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debugsource-1.10.11-3.21.1

## References:

  * https://www.suse.com/security/cve/CVE-2016-4332.html
  * https://www.suse.com/security/cve/CVE-2018-11202.html
  * https://www.suse.com/security/cve/CVE-2019-8396.html
  * https://www.suse.com/security/cve/CVE-2020-10812.html
  * https://www.suse.com/security/cve/CVE-2021-37501.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1011205
  * https://bugzilla.suse.com/show_bug.cgi?id=1093641
  * https://bugzilla.suse.com/show_bug.cgi?id=1125882
  * https://bugzilla.suse.com/show_bug.cgi?id=1167400
  * https://bugzilla.suse.com/show_bug.cgi?id=1207973
  * https://bugzilla.suse.com/show_bug.cgi?id=1209548
  * https://bugzilla.suse.com/show_bug.cgi?id=133222
  * https://jira.suse.com/browse/PED-7816
