
SUSE 12: 2024:0882-1 Moderate: HDF5 Security Issues and Fixes

August 19, 2024
The latest SUSE update for hdf5 fixes several problems, including memory leaks, and improves both stability and security.

Summary

This update for hdf5 fixes the following issues:

Updated to version 1.10.11

* Changed the error handling for a not found path in the find plugin process.

* Fixed CVE-2018-11202, a malformed file could result in chunk index memory leaks.

* Fixed a file space allocation bug in the parallel library for chunked datasets.

* Fixed an assertion failure in Parallel HDF5 when a file can't be created due to an invalid library version bounds setting.

* Fixed an assertion in a previous fix for CVE-2016-4332.

* Fixed segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052, CVE-2020-10812.

* Fixed memory leaks that could occur when reading a dataset from a malformed file.

* Fixed a bug in H5Ocopy that could generate invalid HDF5 files

References

* bsc#1011205

* bsc#1093641

* bsc#1125882

* bsc#1167400

* bsc#1207973

* bsc#1209548

* bsc#133222

* jsc#PED-7816

Cross-

* CVE-2016-4332

* CVE-2018-11202

* CVE-2019-8396

* CVE-2020-10812

* CVE-2021-37501

CVSS scores:

* CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-8396 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-8396 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-10812 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2020-10812 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2024:0882-1
Rating: moderate
