{"affected":[{"ecosystem_specific":{"binaries":[{"hdf5-gnu-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-module":"1.10.11-3.21.1","libhdf5-gnu-hpc":"1.10.11-3.21.1","libhdf5-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 12","name":"hdf5_1_10_11-gnu-hpc","purl":"pkg:rpm/suse/hdf5_1_10_11-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.11-3.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"hdf5-gnu-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-module":"1.10.11-3.21.1","libhdf5-gnu-hpc":"1.10.11-3.21.1","libhdf5-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 12","name":"hdf5_1_10_11-gnu-mvapich2-hpc","purl":"pkg:rpm/suse/hdf5_1_10_11-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.11-3.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"hdf5-gnu-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-mvapich2-hpc-module":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-devel-static":"1.10.11-3.21.1","hdf5_1_10_11-gnu-openmpi1-hpc-module":"1.10.11-3.21.1","libhdf5-gnu-hpc":"1.10.11-3.21.1","libhdf5-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5_hl_fortran-gnu-openmpi1-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc":"1.10.11-3.21.1","libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc":"1.10.11-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 12","name":"hdf5_1_10_11-gnu-openmpi1-hpc","purl":"pkg:rpm/suse/hdf5_1_10_11-gnu-openmpi1-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.11-3.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for hdf5 fixes the following issues:\n\nUpdated to version 1.10.11\n\n  * Changed the error handling for a not found path in the find\n    plugin process.\n  * Fixed CVE-2018-11202, a malformed file could result in chunk\n    index memory leaks.\n  * Fixed a file space allocation bug in the parallel library for\n    chunked datasets.\n  * Fixed an assertion failure in Parallel HDF5 when a file can't\n    be created due to an invalid library version bounds setting.\n  * Fixed an assertion in a previous fix for CVE-2016-4332.\n  * Fixed segfault on file close in h5debug which fails with a core\n    dump on a file that has an illegal file size in its cache image.\n    Fixes HDFFV-11052, CVE-2020-10812.\n  * Fixed memory leaks that could occur when reading a dataset from\n    a malformed file.\n  * Fixed a bug in H5Ocopy that could generate invalid HDF5 files\n  * Fixed potential heap buffer overflow in decoding of link info\n    message.\n  * Fixed potential buffer overrun issues in some object header\n    decode routines.\n  * Fixed a heap buffer overflow that occurs when reading from\n    a dataset with a compact layout within a malformed HDF5 file.\n  * Fixed CVE-2019-8396, malformed HDF5 files where content does\n    not match expected size.\n  * Fixed memory leak when running h5dump with proof of\n    vulnerability file.\n  * Added option --no-compact-subset to h5diff.\n\nFixes since 1.10.10:\n\n  * Fixed a memory corruption when reading from dataset using a\n    hyperslab selection in file dataspace and a point selection\n    memory dataspace.\n  * Fix CVE-2021-37501\n  * Fixed an issue with variable length attributes.\n  * Fixed an issue with hyperslab selections where an incorrect\n    combined selection was produced.\n  * Fixed an issue with attribute type conversion with compound\n    datatypes.\n  * Modified H5Fstart_swmr_write() to preserve DAPL properties.\n  * Converted an assertion on (possibly corrupt) file contents to\n    a normal error check.\n  * Fixed memory leak with variable-length fill value in\n    H5O_fill_convert().\n  * Fix h5repack to only print output when verbose option is\n    selected.\n\nFixes since 1.10.9:\n\n  * Several improvements to parallel compression feature,\n    including:\n    + Improved support for collective I/O (for both writes and\n      reads).\n    + Reduction of copying of application data buffers passed to\n      H5Dwrite.\n    + Addition of support for incremental file space allocation\n      for filtered datasets created in parallel.\n    + Addition of support for HDF5's 'don't filter partial edge\n      chunks' flag\n    + Addition of proper support for HDF5 fill values with the\n      feature.\n    + Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to\n      H5pubconf.h\n      so HDF5 applications can determine at compile-time whether\n      the feature is available.\n    + Addition of simple examples\n  * h5repack added an optional verbose value for reporting R/W\n    timing.\n  * Fixed a metadata cache bug when resizing a pinned/protected\n    cache entry.\n  * Fixed a problem with the H5_VERS_RELEASE check in the\n    H5check_version function.\n  * Unified handling of collective metadata reads to correctly fix\n    old bugs.\n  * Fixed several potential MPI deadlocks in library failure\n    conditions.\n  * Fixed an issue with collective metadata reads being permanently\n    disabled after a dataset chunk lookup operation.\n\n- Remove timestamp/buildhost/kernel version from libhdf5.settings (bsc#1209548).\n\n- set higher constraints for succesfull mpich tests (bsc#133222)","id":"SUSE-SU-2024:0882-1","modified":"2024-03-14T10:33:28Z","published":"2024-03-14T10:33:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240882-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011205"},{"type":"REPORT","url":"https://bugzilla.suse.com/1093641"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207973"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209548"},{"type":"REPORT","url":"https://bugzilla.suse.com/133222"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4332"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11202"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8396"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37501"}],"related":["CVE-2016-4332","CVE-2018-11202","CVE-2019-8396","CVE-2020-10812","CVE-2021-37501"],"summary":"Security update for hdf5","upstream":["CVE-2016-4332","CVE-2018-11202","CVE-2019-8396","CVE-2020-10812","CVE-2021-37501"]}