An update that fixes 11 vulnerabilities is now available.
Description:
This update for hdf5 fixes the following issues:
- CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
- CVE-2018-13867: Fixed out of bounds read in the function
H5F__accum_read in H5Faccum.c (bsc#1101906).
- CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at
H5Lexternal.c (bsc#1107069).
- CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
- CVE-2021-45830: Fixed heap buffer overflow vulnerability in
H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
- CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode
in H5Olayout.c (bsc#1125882).
- CVE-2018-11205: Fixed out of bounds read was discovered in
H5VM_memcpyvv in H5VM.c (bsc#1093663).
- CVE-2021-46242: Fixed heap-use-after free via the component
H5AC_unpin_entry (bsc#1195212).
- CVE-2021-45833: Fixed stack buffer overflow vulnerability
(bsc#1194366).
- CVE-2018-14031: Fixed heap-based buffer over-read in the function
H5T_copy in H5T.c (bsc#1101475).
- CVE-2018-17439: Fixed out of bounds read in the function
H5F__accum_read in H5Faccum.c (bsc#1111598).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3827=1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3827=1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3827=1