CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
EPSS
Percentile: 76.8%
This update for hdf5, netcdf, trilinos fixes the following issues:
hdf5 was updated from version 1.10.8 to 1.10.11:
Security issues fixed:
CVE-2019-8396: Fixed problems with malformed HDF5 files where content does not match expected size. (bsc#1125882)
CVE-2018-11202: Fixed that a malformed file could result in chunk index memory leaks. (bsc#1093641)
CVE-2016-4332: Fixed an assertion in a previous fix for this issue (bsc#1011205).
CVE-2020-10812: Fixed a segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052 (bsc#1167400).
CVE-2021-37501: Fixed buffer overflow in hdf5-h5dump (bsc#1207973)
Other security issues fixed (bsc#1224158):
Other issues fixed:
Remove timestamp/buildhost/kernel version from libhdf5.settings (bsc#1209548)
Changed the error handling for a not found path in the find plugin process.
Fixed a file space allocation bug in the parallel library for chunked datasets.
Fixed an assertion failure in Parallel HDF5 when a file can’t be created due to an invalid library version bounds setting.
Fixed memory leaks that could occur when reading a dataset from a malformed file.
Fixed a bug in H5Ocopy that could generate invalid HDF5 files
Fixed potential heap buffer overflow in decoding of link info message.
Fixed potential buffer overrun issues in some object header decode routines.
Fixed a heap buffer overflow that occurs when reading from a dataset with a compact layout within a malformed HDF5 file.
Fixed memory leak when running h5dump with proof of vulnerability file.
Added option --no-compact-subset to h5diff
Several improvements to parallel compression feature, including:
h5repack added an optional verbose value for reporting R/W timing.
Fixed a metadata cache bug when resizing a pinned/protected cache entry.
Fixed a problem with the H5_VERS_RELEASE check in the H5check_version function.
Unified handling of collective metadata reads to correctly fix old bugs.
Fixed several potential MPI deadlocks in library failure conditions.
Fixed an issue with collective metadata reads being permanently disabled after a dataset chunk lookup operation.
netcdf was updated to fix:
trilinos was updated to fix:
bugzilla.suse.com/1011205
bugzilla.suse.com/1093641
bugzilla.suse.com/1125882
bugzilla.suse.com/1133222
bugzilla.suse.com/1167400
bugzilla.suse.com/1207973
bugzilla.suse.com/1209548
bugzilla.suse.com/1210049
bugzilla.suse.com/1224158
www.suse.com/security/cve/CVE-2016-4332
www.suse.com/security/cve/CVE-2017-17507
www.suse.com/security/cve/CVE-2018-11202
www.suse.com/security/cve/CVE-2018-11205
www.suse.com/security/cve/CVE-2019-8396
www.suse.com/security/cve/CVE-2020-10812
www.suse.com/security/cve/CVE-2021-37501
www.suse.com/security/cve/CVE-2024-29158
www.suse.com/security/cve/CVE-2024-29161
www.suse.com/security/cve/CVE-2024-29166
www.suse.com/security/cve/CVE-2024-32608
www.suse.com/security/cve/CVE-2024-32610
www.suse.com/security/cve/CVE-2024-32614
www.suse.com/security/cve/CVE-2024-32619
www.suse.com/security/cve/CVE-2024-32620
www.suse.com/security/cve/CVE-2024-33873
www.suse.com/security/cve/CVE-2024-33874
www.suse.com/security/cve/CVE-2024-33875
www.suse.com/support/update/announcement/2024/suse-su-20243144-1/