SUSE: 2022:1903-1 Important: HDF5 Buffer Overflows Severity Critical

June 1, 2022
The latest hdf5 release addresses several critical security flaws and introduces necessary patches. Key security notice issued by SUSE.
An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available.

Summary

This update for hdf5 fixes the following issues:

Security issues fixed:

- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
- CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
- CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
- CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
- CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c (bsc#1109569).
- CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).

References

#1072087 #1072090 #1072108 #1072111 #1093641
#1093649 #1093653 #1093655 #1093657 #1101471
#1101474 #1101493 #1101495 #1102175 #1109166
#1109167 #1109168 #1109564 #1109565 #1109566
#1109567 #1109568 #1109569 #1109570 #1134298
#1167401 #1167404 #1167405 #1169793 #1174439
#1179521 #1196682 SLE-7766 SLE-7773 SLE-8501
SLE-8604

Cross-References:

CVE-2017-17505 CVE-2017-17506 CVE-2017-17508
CVE-2017-17509 CVE-2018-11202 CVE-2018-11203
CVE-2018-11204 CVE-2018-11206 CVE-2018-11207
CVE-2018-13869 CVE-2018-13870 CVE-2018-14032
CVE-2018-14033 CVE-2018-14460 CVE-2018-17233
CVE-2018-17234 CVE-2018-17237 CVE-2018-17432
CVE-2018-17433 CVE-2018-17434 CVE-2018-17435
CVE-2018-17436 CVE-2018-17437 CVE-2018-17438
CVE...


Severity
important

Announcement ID: SUSE-SU-2022:1903-1
Rating: important
