SUSE-SU-2024:3144-1

Описание

This update for hdf5, netcdf, trilinos fixes the following issues:

hdf5 was updated from version 1.10.8 to 1.10.11:

• Security issues fixed:

  • CVE-2019-8396: Fixed problems with malformed HDF5 files where content does not match expected size. (bsc#1125882)

  • CVE-2018-11202: Fixed that a malformed file could result in chunk index memory leaks. (bsc#1093641)

  • CVE-2016-4332: Fixed an assertion in a previous fix for this issue (bsc#1011205).

  • CVE-2020-10812: Fixed a segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image.Fixes HDFFV-11052, (bsc#1167400).

  • CVE-2021-37501: Fixed buffer overflow in hdf5-h5dump (bsc#1207973)

  • Other security issues fixed (bsc#1224158):

    • CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608,
    • CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620,
    • CVE-2024-33873, CVE-2024-33874, CVE-2024-33875
    • Additionally, these fixes resolve crashes triggered by the reproducers for CVE-2017-17507, CVE-2018-11205. These crashes appear to be unrelated to the original problems

• Other issues fixed:

  • Remove timestamp/buildhost/kernel version from libhdf5.settings (bsc#1209548)

  • Changed the error handling for a not found path in the find plugin process.

  • Fixed a file space allocation bug in the parallel library for chunked datasets.

  • Fixed an assertion failure in Parallel HDF5 when a file can't be created due to an invalid library version bounds setting.

  • Fixed memory leaks that could occur when reading a dataset from a malformed file.

  • Fixed a bug in H5Ocopy that could generate invalid HDF5 files

  • Fixed potential heap buffer overflow in decoding of link info message.

  • Fixed potential buffer overrun issues in some object header decode routines.

  • Fixed a heap buffer overflow that occurs when reading from a dataset with a compact layout within a malformed HDF5 file.

  • Fixed memory leak when running h5dump with proof of vulnerability file.

  • Added option --no-compact-subset to h5diff

  • Several improvements to parallel compression feature, including:

    • Improved support for collective I/O (for both writes and reads).
    • Reduction of copying of application data buffers passed to H5Dwrite.
    • Addition of support for incremental file space allocation for filtered datasets created in parallel.
    • Addition of support for HDF5's 'don't filter partial edge chunks' flag
    • Addition of proper support for HDF5 fill values with the feature.
    • Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro toH5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available.
    • Addition of simple examples

  • h5repack added an optional verbose value for reporting R/W timing.

  • Fixed a metadata cache bug when resizing a pinned/protected cache entry.

  • Fixed a problem with the H5_VERS_RELEASE check in the H5check_version function.

  • Unified handling of collective metadata reads to correctly fix old bugs.

  • Fixed several potential MPI deadlocks in library failure conditions.

  • Fixed an issue with collective metadata reads being permanently disabled after a dataset chunk lookup operation.

netcdf was updated to fix:

• rebuild against new hdf5 library version.

trilinos was updated to fix:

• Rebuild against new hdf5 library version.
• Fix dependency in module file for MPI version of Trilinos to depend on the correct version of netcdf (bsc#1210049). This prevents the error message: 'Lmod has detected the following error: These module(s) or extension(s) exist but cannot be loaded as requested: 'trilinos'