
SUSE: 2022:1911-1 Critical: HDF5 and SUSE-HPC Buffer Overflow Fix

June 2, 2022
Major SUSE Security Patch addresses 27 vulnerabilities in hdf5 and suse-hpc. Important updates are now up for grabs!
An update that solves 27 vulnerabilities, contains four features and has 8 fixes is now available.

Summary

This update for hdf5, suse-hpc fixes the following issues:

Security issues fixed:

- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
- CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
- CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
- CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
- CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c (bsc#1109569).
- CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file

References

#1072087 #1072090 #1072108 #1072111 #1093641
#1093649 #1093653 #1093655 #1093657 #1101471
#1101474 #1101493 #1101495 #1102175 #1109166
#1109167 #1109168 #1109564 #1109565 #1109566
#1109567 #1109568 #1109569 #1109570 #1116458
#1124509 #1133222 #1134298 #1167401 #1167404
#1167405 #1169793 #1174439 #1179521 #1196682

SLE-7766 SLE-7773 SLE-8501 SLE-8604

Cross- CVE-2017-17505 CVE-2017-17506 CVE-2017-17508
CVE-2017-17509 CVE-2018-11202 CVE-2018-11203
CVE-2018-11204 CVE-2018-11206 CVE-2018-11207
CVE-2018-13869 CVE-2018-13870 CVE-2018-14032
CVE-2018-14033 CVE-2018-14460 CVE-2018-17233
CVE-2018-17234 CVE-2018-17237 CVE-2018-17432
CVE-2018-17433 CVE-2018-17434 CVE-2018-17435
CVE-2018-17436 CVE-2018-17437 CVE-2018-1...


Severity: important

Announcement ID: SUSE-SU-2022:1911-1
Rating: important
