SUSE-SU-2024:2105-1

Published: 20 Jun 2024
Source: suse-cvrf

Description

Security update for hdf5

This update for hdf5 fixes the following issues:

  • Fix various security issues in hdf5 (bsc#1224158):

    CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620, CVE-2024-33873, CVE-2024-33874, CVE-2024-33875

  • Additionally, these fixes resolve crashes triggered by the reproducers for CVE-2017-17507, CVE-2018-11205. These crashes appear to be unrelated to the original problems.

  • set higher constraints for successful mpich tests (bsc#1133222)

Package list

SUSE Linux Enterprise Module for HPC 12
hdf5-gnu-hpc-devel-1.10.11-3.24.1
hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1
hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.24.1
hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.24.1
hdf5_1_10_11-gnu-hpc-module-1.10.11-3.24.1
hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.24.1
hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.24.1
hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.24.1
hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.24.1
libhdf5-gnu-hpc-1.10.11-3.24.1
libhdf5-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_cpp-gnu-hpc-1.10.11-3.24.1
libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_fortran-gnu-hpc-1.10.11-3.24.1
libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_hl-gnu-hpc-1.10.11-3.24.1
libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_hl_cpp-gnu-hpc-1.10.11-3.24.1
libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5_hl_fortran-gnu-hpc-1.10.11-3.24.1
libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.24.1
libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.24.1
libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.24.1
libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.24.1

Description

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

An out-of-bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References

Description

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.


Affected products
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.24.1
SUSE Linux Enterprise Module for HPC 12:hdf5_1_10_11-gnu-hpc-1.10.11-3.24.1

References