SUSE: 2024:0882-1 moderate: hdf5 Security Advisory Updates
Summary
## This update for hdf5 fixes the following issues: Updated to version 1.10.11 * Changed the error handling for a not found path in the find plugin process. * Fixed CVE-2018-11202, a malformed file could result in chunk index memory leaks. * Fixed a file space allocation bug in the parallel library for chunked datasets. * Fixed an assertion failure in Parallel HDF5 when a file can't be created due to an invalid library version bounds setting. * Fixed an assertion in a previous fix for CVE-2016-4332. * Fixed segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052, CVE-2020-10812. * Fixed memory leaks that could occur when reading a dataset from a malformed file. * Fixed a bug in H5Ocopy that could generate invalid HDF5 files * Fixed potential heap buffer overflow in decoding of link info message. * Fixed potential buffer overrun issues in some object header decode routines. * Fixed a heap buffer overflow that occurs when reading from a dataset with a compact layout within a malformed HDF5 file. * Fixed CVE-2019-8396, malformed HDF5 files where content does not match expected size. * Fixed memory leak when running h5dump with proof of vulnerability file. * Added option --no-compact-subset to h5diff. Fixes since 1.10.10: * Fixed a memory corruption when reading from dataset using a hyperslab selection in file dataspace and a point selection memory dataspace. * Fix CVE-2021-37501 * Fixed an issue with variable length attributes. * Fixed an issue with hyperslab selections where an incorrect combined selection was produced. * Fixed an issue with attribute type conversion with compound datatypes. * Modified H5Fstart_swmr_write() to preserve DAPL properties. * Converted an assertion on (possibly corrupt) file contents to a normal error check. * Fixed memory leak with variable-length fill value in H5O_fill_convert(). * Fix h5repack to only print output when verbose option is selected. Fixes since 1.10.9: * Several improvements to parallel compression feature, including: * Improved support for collective I/O (for both writes and reads). * Reduction of copying of application data buffers passed to H5Dwrite. * Addition of support for incremental file space allocation for filtered datasets created in parallel. * Addition of support for HDF5's "don't filter partial edge chunks" flag * Addition of proper support for HDF5 fill values with the feature. * Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available. * Addition of simple examples * h5repack added an optional verbose value for reporting R/W timing. * Fixed a metadata cache bug when resizing a pinned/protected cache entry. * Fixed a problem with the H5_VERS_RELEASE check in the H5check_version function. * Unified handling of collective metadata reads to correctly fix old bugs. * Fixed several potential MPI deadlocks in library failure conditions. * Fixed an issue with collective metadata reads being permanently disabled after a dataset chunk lookup operation. * Remove timestamp/buildhost/kernel version from libhdf5.settings (bsc#1209548). * set higher constraints for succesfull mpich tests (bsc#133222) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2024-882=1 ## Package List: * HPC Module 12 (noarch) * hdf5-gnu-hpc-devel-1.10.11-3.21.1 * hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.21.1 * hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.21.1 * HPC Module 12 (aarch64 x86_64) * libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5_cpp-gnu-hpc-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.21.1 * libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-debugsource-1.10.11-3.21.1 * libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-debugsource-1.10.11-3.21.1 * libhdf5_hl_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * libhdf5-gnu-hpc-1.10.11-3.21.1 * libhdf5_hl-gnu-hpc-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_fortran-gnu-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.21.1 * libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-module-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.21.1 * libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * libhdf5-gnu-mvapich2-hpc-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.21.1 * libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_hl_cpp-gnu-hpc-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * libhdf5-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-hpc-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_hl_fortran-gnu-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1 * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1 * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1 * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1 * libhdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1 * hdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1 * hdf5_1_10_11-gnu-mvapich2-hpc-debugsource-1.10.11-3.21.1
References
* bsc#1011205
* bsc#1093641
* bsc#1125882
* bsc#1167400
* bsc#1207973
* bsc#1209548
* bsc#133222
* jsc#PED-7816
Cross-
* CVE-2016-4332
* CVE-2018-11202
* CVE-2019-8396
* CVE-2020-10812
* CVE-2021-37501
CVSS scores:
* CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-8396 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2019-8396 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-10812 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2020-10812 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-37501 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2021-37501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.
##
* https://www.suse.com/security/cve/CVE-2016-4332.html
* https://www.suse.com/security/cve/CVE-2018-11202.html
* https://www.suse.com/security/cve/CVE-2019-8396.html
* https://www.suse.com/security/cve/CVE-2020-10812.html
* https://www.suse.com/security/cve/CVE-2021-37501.html
* https://bugzilla.suse.com/show_bug.cgi?id=1011205
* https://bugzilla.suse.com/show_bug.cgi?id=1093641
* https://bugzilla.suse.com/show_bug.cgi?id=1125882
* https://bugzilla.suse.com/show_bug.cgi?id=1167400
* https://bugzilla.suse.com/show_bug.cgi?id=1207973
* https://bugzilla.suse.com/show_bug.cgi?id=1209548
* https://bugzilla.suse.com/show_bug.cgi?id=133222
* https://jira.suse.com/browse/PED-7816