# Security update for hdf5

Announcement ID: SUSE-SU-2024:0882-1  
Rating: moderate  
References:

  * bsc#1011205
  * bsc#1093641
  * bsc#1125882
  * bsc#1167400
  * bsc#1207973
  * bsc#1209548
  * bsc#133222
  * jsc#PED-7816

  
Cross-References:

  * CVE-2016-4332
  * CVE-2018-11202
  * CVE-2019-8396
  * CVE-2020-10812
  * CVE-2021-37501

  
CVSS scores:

  * CVE-2016-4332 ( NVD ):  8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2018-11202 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-11202 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2019-8396 ( SUSE ):  3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2019-8396 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2020-10812 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2020-10812 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2021-37501 ( SUSE ):  6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  * CVE-2021-37501 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * HPC Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for hdf5 fixes the following issues:

Updated to version 1.10.11

  * Changed the error handling for a not found path in the find plugin process.
  * Fixed CVE-2018-11202, a malformed file could result in chunk index memory
    leaks.
  * Fixed a file space allocation bug in the parallel library for chunked
    datasets.
  * Fixed an assertion failure in Parallel HDF5 when a file can't be created due
    to an invalid library version bounds setting.
  * Fixed an assertion in a previous fix for CVE-2016-4332.
  * Fixed segfault on file close in h5debug which fails with a core dump on a
    file that has an illegal file size in its cache image. Fixes HDFFV-11052,
    CVE-2020-10812.
  * Fixed memory leaks that could occur when reading a dataset from a malformed
    file.
  * Fixed a bug in H5Ocopy that could generate invalid HDF5 files
  * Fixed potential heap buffer overflow in decoding of link info message.
  * Fixed potential buffer overrun issues in some object header decode routines.
  * Fixed a heap buffer overflow that occurs when reading from a dataset with a
    compact layout within a malformed HDF5 file.
  * Fixed CVE-2019-8396, malformed HDF5 files where content does not match
    expected size.
  * Fixed memory leak when running h5dump with proof of vulnerability file.
  * Added option --no-compact-subset to h5diff.

Fixes since 1.10.10:

  * Fixed a memory corruption when reading from dataset using a hyperslab
    selection in file dataspace and a point selection memory dataspace.
  * Fix CVE-2021-37501
  * Fixed an issue with variable length attributes.
  * Fixed an issue with hyperslab selections where an incorrect combined
    selection was produced.
  * Fixed an issue with attribute type conversion with compound datatypes.
  * Modified H5Fstart_swmr_write() to preserve DAPL properties.
  * Converted an assertion on (possibly corrupt) file contents to a normal error
    check.
  * Fixed memory leak with variable-length fill value in H5O_fill_convert().
  * Fix h5repack to only print output when verbose option is selected.

Fixes since 1.10.9:

  * Several improvements to parallel compression feature, including:
    * Improved support for collective I/O (for both writes and reads).
    * Reduction of copying of application data buffers passed to H5Dwrite.
    * Addition of support for incremental file space allocation for filtered datasets created in parallel.
    * Addition of support for HDF5's "don't filter partial edge chunks" flag
    * Addition of proper support for HDF5 fill values with the feature.
    * Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available.
    * Addition of simple examples
  * h5repack added an optional verbose value for reporting R/W timing.
  * Fixed a metadata cache bug when resizing a pinned/protected cache entry.
  * Fixed a problem with the H5_VERS_RELEASE check in the H5check_version
    function.
  * Unified handling of collective metadata reads to correctly fix old bugs.
  * Fixed several potential MPI deadlocks in library failure conditions.
  * Fixed an issue with collective metadata reads being permanently disabled
    after a dataset chunk lookup operation.

  * Remove timestamp/buildhost/kernel version from libhdf5.settings
    (bsc#1209548).

  * set higher constraints for succesfull mpich tests (bsc#133222)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * HPC Module 12  
    zypper in -t patch SUSE-SLE-Module-HPC-12-2024-882=1

## Package List:

  * HPC Module 12 (noarch)
    * hdf5-gnu-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
  * HPC Module 12 (aarch64 x86_64)
    * libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-debugsource-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.21.1
    * libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-module-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.21.1
    * libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-mvapich2-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_cpp-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
    * libhdf5_hl_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
    * libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
    * libhdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
    * hdf5_1_10_11-gnu-mvapich2-hpc-debugsource-1.10.11-3.21.1

## References:

  * https://www.suse.com/security/cve/CVE-2016-4332.html
  * https://www.suse.com/security/cve/CVE-2018-11202.html
  * https://www.suse.com/security/cve/CVE-2019-8396.html
  * https://www.suse.com/security/cve/CVE-2020-10812.html
  * https://www.suse.com/security/cve/CVE-2021-37501.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1011205
  * https://bugzilla.suse.com/show_bug.cgi?id=1093641
  * https://bugzilla.suse.com/show_bug.cgi?id=1125882
  * https://bugzilla.suse.com/show_bug.cgi?id=1167400
  * https://bugzilla.suse.com/show_bug.cgi?id=1207973
  * https://bugzilla.suse.com/show_bug.cgi?id=1209548
  * https://bugzilla.suse.com/show_bug.cgi?id=133222
  * https://jira.suse.com/browse/PED-7816

SUSE: 2024:0882-1 moderate: hdf5 Security Advisory Updates

August 19, 2024
* bsc#1011205 * bsc#1093641 * bsc#1125882 * bsc#1167400 * bsc#1207973

Summary

## This update for hdf5 fixes the following issues: Updated to version 1.10.11 * Changed the error handling for a not found path in the find plugin process. * Fixed CVE-2018-11202, a malformed file could result in chunk index memory leaks. * Fixed a file space allocation bug in the parallel library for chunked datasets. * Fixed an assertion failure in Parallel HDF5 when a file can't be created due to an invalid library version bounds setting. * Fixed an assertion in a previous fix for CVE-2016-4332. * Fixed segfault on file close in h5debug which fails with a core dump on a file that has an illegal file size in its cache image. Fixes HDFFV-11052, CVE-2020-10812. * Fixed memory leaks that could occur when reading a dataset from a malformed file. * Fixed a bug in H5Ocopy that could generate invalid HDF5 files * Fixed potential heap buffer overflow in decoding of link info message. * Fixed potential buffer overrun issues in some object he...

Read the Full Advisory

References

* bsc#1011205

* bsc#1093641

* bsc#1125882

* bsc#1167400

* bsc#1207973

* bsc#1209548

* bsc#133222

* jsc#PED-7816

Cross-

* CVE-2016-4332

* CVE-2018-11202

* CVE-2019-8396

* CVE-2020-10812

* CVE-2021-37501

CVSS scores:

* CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-8396 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-8396 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-10812 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2020-10812 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2021-37501 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

* CVE-2021-37501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* HPC Module 12

* SUSE Linux Enterprise High Perfo...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2024:0882-1
Rating: moderate

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved