Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:0538-1 Moderate: hdf5 Memory Leak And Handling Issues

suse
Calendar Grey February 20, 2024
Dist Suse Esm H88
SUSE has issued a security patch that resolves various vulnerabilities in hdf5. Make sure to perform the update to uphold system security.
* bsc#1011205 * bsc#1093641 * bsc#1125882 * bsc#1167400 * bsc#1207973

Summary

## This update for hdf5 fixes the following issues: Updated to version 1.10.11 * Changed the error handling for a not found path in the find plugin process. * Fixed CVE-2018-11202, a malformed file could result in chunk index memory leaks. * Fixed a file space allocation bug in the parallel library for chunked datasets. * Fixed an assertion failure in Parallel HDF5 when a file can't be created due to an invalid library version bounds setting. * Fixed an assertion in a previous fix for CVE-2016-4332. * Fixed segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052, CVE-2020-10812. * Fixed memory leaks that could occur when reading a dataset from a malformed file. * Fixed a bug in H5Ocopy that could generate invalid HDF5 files

Topics%20covered

Topics Covered

security advisory moderate software update memory leak openSUSE SUSE Linux Enterprise hdf5

References

* bsc#1011205

* bsc#1093641

* bsc#1125882

* bsc#1167400

* bsc#1207973

* jsc#PED-7816

Cross-

* CVE-2016-4332

* CVE-2018-11202

* CVE-2019-8396

* CVE-2020-10812

* CVE-2021-37501

CVSS scores:

* CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-8396 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-8396 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-10812 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2020-10812 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0538-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate software update memory leak openSUSE SUSE Linux Enterprise hdf5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here