SUSE-SU-2024:0882-1: moderate: Security update for hdf5

SLE-UPDATES null at suse.de
Mon Aug 19 12:42:07 UTC 2024



# Security update for hdf5

Announcement ID: SUSE-SU-2024:0882-1  
Rating: moderate  
References:

  * bsc#1011205
  * bsc#1093641
  * bsc#1125882
  * bsc#1167400
  * bsc#1207973
  * bsc#1209548
  * bsc#133222
  * jsc#PED-7816

  
Cross-References:

  * CVE-2016-4332
  * CVE-2018-11202
  * CVE-2019-8396
  * CVE-2020-10812
  * CVE-2021-37501

  
CVSS scores:

  * CVE-2016-4332 ( NVD ):  8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2018-11202 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-11202 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2019-8396 ( SUSE ):  3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2019-8396 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2020-10812 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2020-10812 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2021-37501 ( SUSE ):  6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  * CVE-2021-37501 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * HPC Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for hdf5 fixes the following issues:

Updated to version 1.10.11

  * Changed the error handling for a not found path in the find plugin process.
  * Fixed CVE-2018-11202, a malformed file could result in chunk index memory
    leaks.
  * Fixed a file space allocation bug in the parallel library for chunked
    datasets.
  * Fixed an assertion failure in Parallel HDF5 when a file can't be created due
    to an invalid library version bounds setting.
  * Fixed an assertion in a previous fix for CVE-2016-4332.
  * Fixed segfault on file close in h5debug which fails with a core dump on a
    file that has an illegal file size in its cache image. Fixes HDFFV-11052,
    CVE-2020-10812.
  * Fixed memory leaks that could occur when reading a dataset from a malformed
    file.
  * Fixed a bug in H5Ocopy that could generate invalid HDF5 files
  * Fixed potential heap buffer overflow in decoding of link info message.
  * Fixed potential buffer overrun issues in some object header decode routines.
  * Fixed a heap buffer overflow that occurs when reading from a dataset with a
    compact layout within a malformed HDF5 file.
  * Fixed CVE-2019-8396, malformed HDF5 files where content does not match
    expected size.
  * Fixed memory leak when running h5dump with proof of vulnerability file.
  * Added option --no-compact-subset to h5diff.

Fixes since 1.10.10:

  * Fixed a memory corruption when reading from dataset using a hyperslab
    selection in file dataspace and a point selection memory dataspace.
  * Fix CVE-2021-37501
  * Fixed an issue with variable length attributes.
  * Fixed an issue with hyperslab selections where an incorrect combined
    selection was produced.
  * Fixed an issue with attribute type conversion with compound datatypes.
  * Modified H5Fstart_swmr_write() to preserve DAPL properties.
  * Converted an assertion on (possibly corrupt) file contents to a normal error
    check.
  * Fixed memory leak with variable-length fill value in H5O_fill_convert().
  * Fix h5repack to only print output when verbose option is selected.

Fixes since 1.10.9:

  * Several improvements to parallel compression feature, including:
    * Improved support for collective I/O (for both writes and reads).
    * Reduction of copying of application data buffers passed to H5Dwrite.
    * Addition of support for incremental file space allocation for filtered datasets created in parallel.
    * Addition of support for HDF5's "don't filter partial edge chunks" flag
    * Addition of proper support for HDF5 fill values with the feature.
    * Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available.
    * Addition of simple examples
  * h5repack added an optional verbose value for reporting R/W timing.
  * Fixed a metadata cache bug when resizing a pinned/protected cache entry.
  * Fixed a problem with the H5_VERS_RELEASE check in the H5check_version
    function.
  * Unified handling of collective metadata reads to correctly fix old bugs.
  * Fixed several potential MPI deadlocks in library failure conditions.
  * Fixed an issue with collective metadata reads being permanently disabled
    after a dataset chunk lookup operation.

  * Remove timestamp/buildhost/kernel version from libhdf5.settings
    (bsc#1209548).

  * set higher constraints for succesfull mpich tests (bsc#133222)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * HPC Module 12  
    zypper in -t patch SUSE-SLE-Module-HPC-12-2024-882=1

## Package List:

  * HPC Module 12 (noarch)
    * hdf5-gnu-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
  * HPC Module 12 (aarch64 x86_64)
    * libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-module-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.21.1
    * libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debugsource-1.10.11-3.21.1

## References:

  * https://www.suse.com/security/cve/CVE-2016-4332.html
  * https://www.suse.com/security/cve/CVE-2018-11202.html
  * https://www.suse.com/security/cve/CVE-2019-8396.html
  * https://www.suse.com/security/cve/CVE-2020-10812.html
  * https://www.suse.com/security/cve/CVE-2021-37501.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1011205
  * https://bugzilla.suse.com/show_bug.cgi?id=1093641
  * https://bugzilla.suse.com/show_bug.cgi?id=1125882
  * https://bugzilla.suse.com/show_bug.cgi?id=1167400
  * https://bugzilla.suse.com/show_bug.cgi?id=1207973
  * https://bugzilla.suse.com/show_bug.cgi?id=1209548
  * https://bugzilla.suse.com/show_bug.cgi?id=133222
  * https://jira.suse.com/browse/PED-7816

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240819/43a26206/attachment.htm>


More information about the sle-updates mailing list