Overview

File _patchinfo of Package patchinfo.24260

<patchinfo incident="24260">
  <issue tracker="cve" id="2020-10809"/>
  <issue tracker="cve" id="2018-11207"/>
  <issue tracker="cve" id="2020-10811"/>
  <issue tracker="cve" id="2018-13870"/>
  <issue tracker="cve" id="2017-17509"/>
  <issue tracker="cve" id="2018-14032"/>
  <issue tracker="cve" id="2017-17505"/>
  <issue tracker="cve" id="2018-11203"/>
  <issue tracker="cve" id="2018-17434"/>
  <issue tracker="cve" id="2018-17435"/>
  <issue tracker="cve" id="2018-17237"/>
  <issue tracker="cve" id="2018-13869"/>
  <issue tracker="cve" id="2018-17233"/>
  <issue tracker="cve" id="2018-17436"/>
  <issue tracker="cve" id="2018-11202"/>
  <issue tracker="cve" id="2018-11204"/>
  <issue tracker="cve" id="2018-14460"/>
  <issue tracker="cve" id="2018-11206"/>
  <issue tracker="cve" id="2018-17437"/>
  <issue tracker="cve" id="2018-17438"/>
  <issue tracker="cve" id="2020-10810"/>
  <issue tracker="cve" id="2017-17508"/>
  <issue tracker="cve" id="2017-17506"/>
  <issue tracker="cve" id="2018-17433"/>
  <issue tracker="cve" id="2018-14033"/>
  <issue tracker="cve" id="2018-17432"/>
  <issue tracker="cve" id="2018-17234"/>
  <issue tracker="bnc" id="1072111">VUL-0: CVE-2017-17509: hdf5: Out of bounds write vulnerability in the function H5G__ent_decode_vec</issue>
  <issue tracker="bnc" id="1196682">python-h5py packages built against out-of-date version of HDF5</issue>
  <issue tracker="bnc" id="1167405">VUL-0: CVE-2020-10811: hdf5: A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c (in HDF5 through 1.12.0).</issue>
  <issue tracker="bnc" id="1109564">VUL-0: CVE-2018-17432: hdf5: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.</issue>
  <issue tracker="bnc" id="1174439">[HPC, gcc10] Add build support for gcc10 to HPC Libraries</issue>
  <issue tracker="bnc" id="1093655">VUL-1: CVE-2018-11204: hdf5: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c</issue>
  <issue tracker="bnc" id="1101495">VUL-1: CVE-2018-13869: hdf5: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c</issue>
  <issue tracker="bnc" id="1093653">VUL-1: CVE-2018-11207: hdf5: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the .</issue>
  <issue tracker="bnc" id="1093657">VUL-1: CVE-2018-11206: hdf5: A out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c</issue>
  <issue tracker="bnc" id="1093641">VUL-1: CVE-2018-11202: hdf5: A NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c allows a remote denial of service attack.</issue>
  <issue tracker="bnc" id="1109568">VUL-0: CVE-2018-17436: hdf5: ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF fil</issue>
  <issue tracker="bnc" id="1072090">VUL-1: CVE-2017-17506: hdf5: Out of bounds read in the function H5Opline_pline_decode</issue>
  <issue tracker="bnc" id="1116458">[HPC, macros] Handle Dependencies properly when providers are available both in the default and HPC Module Path</issue>
  <issue tracker="bnc" id="1101474">VUL-1: hdf5: CVE-2018-14032 hdf5: heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c</issue>
  <issue tracker="bnc" id="1072108">VUL-1: CVE-2017-17508: hdf5: Divide-by-zero vulnerability in the function H5T_set_loc</issue>
  <issue tracker="bnc" id="1093649">VUL-1: CVE-2018-11203: hdf5: division by zero in H5D__btree_decode_key in H5Dbtree.c in: It could allow a remote denial of service attack.</issue>
  <issue tracker="bnc" id="1109566">VUL-0: CVE-2018-17434: hdf5: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against div</issue>
  <issue tracker="bnc" id="1133222">openSUSE:Leap:15.1/hdf5:gnu-mpich-hpc failed</issue>
  <issue tracker="bnc" id="1109167">VUL-0: CVE-2018-17234: hdf5: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c</issue>
  <issue tracker="bnc" id="1072087">VUL-1: CVE-2017-17505: hdf5: NULL pointer dereference in the function H5O_pline_decode allowing for DoS via crafted file</issue>
  <issue tracker="bnc" id="1109166">VUL-0: CVE-2018-17233: hdf5: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper()</issue>
  <issue tracker="bnc" id="1109569">VUL-0: CVE-2018-17437: hdf5: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.</issue>
  <issue tracker="bnc" id="1101471">VUL-1: hdf5: CVE-2018-14033 hdf5: heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c</issue>
  <issue tracker="bnc" id="1167404">VUL-0: CVE-2020-10809: hdf5: A heap-based buffer overflow exists in the function Decompress() located in decompress.c (in HDF5 through 1.12.0).</issue>
  <issue tracker="bnc" id="1109567">VUL-0: CVE-2018-17435: hdf5: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while conver</issue>
  <issue tracker="bnc" id="1109168">VUL-0: CVE-2018-17237: hdf5: A SIGFPE signal is raised in the function H5D__chunk_set_info_real()</issue>
  <issue tracker="bnc" id="1167401">VUL-1: CVE-2020-10810: hdf5: A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c (in HDF5 through 1.12.0).</issue>
  <issue tracker="bnc" id="1169793">hdf5: baselibs .so for hdf5_fortran Libraries is incorrect</issue>
  <issue tracker="bnc" id="1109570">VUL-0: CVE-2018-17438: hdf5: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division</issue>
  <issue tracker="bnc" id="1134298">science/hdf5: wrong libname in hpc pkgconfig file</issue>
  <issue tracker="bnc" id="1102175">VUL-1: CVE-2018-14460: hdf5: There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.</issue>
  <issue tracker="bnc" id="1109565">VUL-0: CVE-2018-17433: hdf5: A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while conver</issue>
  <issue tracker="bnc" id="1124509">[HPC, build] Macros for creating/removing Link for default Module Broken</issue>
  <issue tracker="bnc" id="1179521">netcdf-cxx4 packages built against out-of-date version of HDF5</issue>
  <issue tracker="bnc" id="1101493">VUL-0: CVE-2018-13870 hdf5: heap-based buffer over-read in the function H5O_link_decode in H5Olink.c</issue>
  <issue tracker="jsc" id="SLE-7773"/>
  <issue tracker="jsc" id="SLE-7766"/>
  <issue tracker="jsc" id="SLE-8604"/>
  <issue tracker="jsc" id="SLE-8501"/>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for hdf5, suse-hpc</summary>
  <description>This update for hdf5, suse-hpc fixes the following issues:

Security issues fixed:

- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
- CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
- CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
- CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
- CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569).
- CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).
- CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567).
- CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566).
- CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565).
- CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564).
- CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168).
- CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167).
- CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166).
- CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175).
- CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471).
- CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474).
- CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493).
- CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495).
- CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653).
- CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657).
- CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655).
- CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649).
- CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641).
- CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111).
- CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108).
- CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090).
- CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087).

Bugfixes:

- Expand modules handling (bsc#1116458).
- Fix default moduleversion link generation and deletion (bsc#1124509).
- Set higher constraints for succesfull mpich tests (bsc#1133222).
- Fix library link flags on pkg-config file for HPC builds (bsc#1134298).
- Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793).
- Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682).
- Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521).
- Add build support for gcc10 to HPC build (bsc#1174439).
- Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 &amp; jsc#SLE-8604).
- Enable openmpi3 builds for Leap and SLE &gt; 15.1 (jsc#SLE-7773).
- HDF5 version Update to 1.10.5 (jsc#SLE-8501).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places