SUSE: 2024:3144-1 Important: HDF5, NetCDF, Trilinos Security Fixes

September 5, 2024
Important security update for hdf5, netcdf, and trilinos that addresses multiple vulnerabilities.

Summary

This update for hdf5, netcdf, trilinos fixes the following issues:

hdf5 was updated from version 1.10.8 to 1.10.11:

* Security issues fixed:
  * CVE-2019-8396: Fixed problems with malformed HDF5 files where content does not match expected size. (bsc#1125882)
  * CVE-2018-11202: Fixed that a malformed file could result in chunk index memory leaks. (bsc#1093641)
  * CVE-2016-4332: Fixed an assertion in a previous fix for this issue (bsc#1011205).
  * CVE-2020-10812: Fixed a segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052, (bsc#1167400).
  * CVE-2021-37501: Fixed buffer overflow in hdf5-h5dump (bsc#1207973)
* Other security issues fixed (bsc#1224158):
  * CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608,

References

* bsc#1011205

* bsc#1093641

* bsc#1125882

* bsc#1133222

* bsc#1167400

* bsc#1207973

* bsc#1209548

* bsc#1210049

* bsc#1224158

Cross-

* CVE-2016-4332

* CVE-2017-17507

* CVE-2018-11202

* CVE-2018-11205

* CVE-2019-8396

* CVE-2020-10812

* CVE-2021-37501

* CVE-2024-29158

* CVE-2024-29161

* CVE-2024-29166

* CVE-2024-32608

* CVE-2024-32610

* CVE-2024-32614

* CVE-2024-32619

* CVE-2024-32620

* CVE-2024-33873

* CVE-2024-33874

* CVE-2024-33875

CVSS scores:

* CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2017-17507 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

* CVE-2017-17507 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important

Announcement ID: SUSE-SU-2024:3144-1
Rating: important
