Описание
Security update for hdf5
This update for hdf5 fixes the following issues:
Security issues fixed:
- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
- CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
- CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
- CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
- CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569).
- CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).
- CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567).
- CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566).
- CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565).
- CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564).
- CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168).
- CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167).
- CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166).
- CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175).
- CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471).
- CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474).
- CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493).
- CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495).
- CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653).
- CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657).
- CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655).
- CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649).
- CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641).
- CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111).
- CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108).
- CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090).
- CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087).
Bugfixes:
- Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682).
- Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521).
- Add build support for gcc10 to HPC build (bsc#1174439).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
hdf5-gnu-hpc-1.10.8-150200.8.4.2
hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2
hdf5-hpc-examples-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-hpc-examples-1.10.8-150200.8.4.2
libhdf5-gnu-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
hdf5-gnu-hpc-1.10.8-150200.8.4.2
hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2
hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2
hdf5-hpc-examples-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.4.3
hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.4.2
hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.4.2
hdf5_1_10_8-hpc-examples-1.10.8-150200.8.4.2
libhdf5-gnu-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3
libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2
libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
Ссылки
- Link for SUSE-SU-2022:1910-1
- E-Mail link for SUSE-SU-2022:1910-1
- SUSE Security Ratings
- SUSE Bug 1072087
- SUSE Bug 1072090
- SUSE Bug 1072108
- SUSE Bug 1072111
- SUSE Bug 1093641
- SUSE Bug 1093649
- SUSE Bug 1093653
- SUSE Bug 1093655
- SUSE Bug 1093657
- SUSE Bug 1101471
- SUSE Bug 1101474
- SUSE Bug 1101493
- SUSE Bug 1101495
- SUSE Bug 1102175
- SUSE Bug 1109166
- SUSE Bug 1109167
- SUSE Bug 1109168
Описание
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2017-17505
- SUSE Bug 1072087
Описание
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2017-17506
- SUSE Bug 1072090
Описание
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2017-17508
- SUSE Bug 1072108
Описание
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2017-17509
- SUSE Bug 1072111
Описание
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-11202
- SUSE Bug 1093641
Описание
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-11203
- SUSE Bug 1093649
Описание
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-11204
- SUSE Bug 1093655
Описание
An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-11206
- SUSE Bug 1093657
Описание
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-11207
- SUSE Bug 1093653
- SUSE Bug 1105590
- SUSE Bug 1109168
Описание
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-13869
- SUSE Bug 1101495
Описание
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-13870
- SUSE Bug 1101493
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11206. Reason: This candidate is a reservation duplicate of CVE-2018-11206. Notes: All CVE users should reference CVE-2018-11206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-14032
- SUSE Bug 1101474
Описание
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-14033
- SUSE Bug 1101471
Описание
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-14460
- SUSE Bug 1102175
Описание
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17233
- SUSE Bug 1109166
Описание
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17234
- SUSE Bug 1109167
Описание
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17237
- SUSE Bug 1093653
- SUSE Bug 1109168
Описание
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17432
- SUSE Bug 1109564
Описание
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17433
- SUSE Bug 1109565
Описание
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17434
- SUSE Bug 1109566
Описание
A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17435
- SUSE Bug 1109567
Описание
ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17436
- SUSE Bug 1109568
Описание
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17437
- SUSE Bug 1109569
Описание
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2018-17438
- SUSE Bug 1109570
Описание
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2020-10809
- SUSE Bug 1167404
Описание
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2020-10810
- SUSE Bug 1167401
Описание
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3
Ссылки
- CVE-2020-10811
- SUSE Bug 1167405