
SUSE: 2022:1912-1 Important: HDF5 DoS And Buffer Overflow Fix

June 2, 2022
Crucial SUSE patch for hdf5 addresses 15 vulnerabilities, including DoS threats and memory leaks, enhancing overall user security.
An update that solves 15 vulnerabilities and has two fixes is now available.

Summary

This update for hdf5 fixes the following issues:

Security issues fixed:

- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
- CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
- CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
- CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
- CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c (bsc#1109569).
- CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).

References

#1093657 #1101471 #1101474 #1102175 #1109167

#1109168 #1109564 #1109565 #1109566 #1109568

#1109569 #1109570 #1167401 #1167404 #1167405

#1179521 #1196682

Cross-References: CVE-2018-11206 CVE-2018-14032 CVE-2018-14033

CVE-2018-14460 CVE-2018-17234 CVE-2018-17237

CVE-2018-17432 CVE-2018-17433 CVE-2018-17434

CVE-2018-17436 CVE-2018-17437 CVE-2018-17438

CVE-2020-10809 CVE-2020-10810 CVE-2020-10811

CVSS scores:

CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N...


Severity
important

Announcement ID: SUSE-SU-2022:1912-1
Rating: important
