File _patchinfo of Package patchinfo.32552

<patchinfo incident="32552">
  <issue tracker="cve" id="2016-4332"/>
  <issue tracker="bnc" id="1125882">VUL-1: CVE-2019-8396: hdf5: buffer overflow in function H5O__layout_encode in H5Olayout.c</issue>
  <issue tracker="bnc" id="1167400">VUL-1: CVE-2020-10812: hdf5: A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c (in HDF5 through 1.12.0).</issue>
  <issue tracker="bnc" id="1093641">VUL-1: CVE-2018-11202: hdf5: A NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c allows a remote denial of service attack.</issue>
  <issue tracker="bnc" id="1207973">VUL-0: CVE-2021-37501: hdf5: buffer overflow in hdf5-h5dump 1.10.8 through 1.13.0</issue>
  <issue tracker="bnc" id="1011205">VUL-0: CVE-2016-4332: hdf5: Shareable Message Type Code Execution Vulnerability</issue>
  <issue tracker="cve" id="2020-10812"/>
  <issue tracker="cve" id="2021-37501"/>
  <issue tracker="cve" id="2019-8396"/>
  <issue tracker="cve" id="2018-11202"/>
  <issue tracker="jsc" id="PED-7816"/>
  <packager>eeich</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for hdf5</summary>
  <description>This update for hdf5 fixes the following issues:

Updated to version 1.10.11

  * Changed the error handling for a not found path in the find
    plugin process.
  * Fixed CVE-2018-11202, a malformed file could result in chunk
    index memory leaks.
  * Fixed a file space allocation bug in the parallel library for
    chunked datasets.
  * Fixed an assertion failure in Parallel HDF5 when a file can't
    be created due to an invalid library version bounds setting.
  * Fixed an assertion in a previous fix for CVE-2016-4332.
  * Fixed segfault on file close in h5debug which fails with a core
    dump on a file that has an illegal file size in its cache image.
    Fixes HDFFV-11052, CVE-2020-10812.
  * Fixed memory leaks that could occur when reading a dataset from
    a malformed file.
  * Fixed a bug in H5Ocopy that could generate invalid HDF5 files.
  * Fixed potential heap buffer overflow in decoding of link info
    message.
  * Fixed potential buffer overrun issues in some object header
    decode routines.
  * Fixed a heap buffer overflow that occurs when reading from
    a dataset with a compact layout within a malformed HDF5 file.
  * Fixed CVE-2019-8396, malformed HDF5 files where content does
    not match expected size.
  * Fixed memory leak when running h5dump with proof of
    vulnerability file.
  * Added option --no-compact-subset to h5diff.

Fixes since 1.10.10:

  * Fixed a memory corruption when reading from dataset using a
    hyperslab selection in file dataspace and a point selection
    memory dataspace.
  * Fix CVE-2021-37501.
  * Fixed an issue with variable length attributes.
  * Fixed an issue with hyperslab selections where an incorrect
    combined selection was produced.
  * Fixed an issue with attribute type conversion with compound
    datatypes.
  * Modified H5Fstart_swmr_write() to preserve DAPL properties.
  * Converted an assertion on (possibly corrupt) file contents to
    a normal error check.
  * Fixed memory leak with variable-length fill value in
    H5O_fill_convert().
  * Fix h5repack to only print output when verbose option is
    selected.

Fixes since 1.10.9:

  * Several improvements to parallel compression feature,
    including:
    + Improved support for collective I/O (for both writes and
      reads).
    + Reduction of copying of application data buffers passed to
      H5Dwrite.
    + Addition of support for incremental file space allocation
      for filtered datasets created in parallel.
    + Addition of support for HDF5's "don't filter partial edge
      chunks" flag.
    + Addition of proper support for HDF5 fill values with the
      feature.
    + Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to
      H5pubconf.h so HDF5 applications can determine at
      compile-time whether the feature is available.
    + Addition of simple examples.
  * h5repack added an optional verbose value for reporting R/W
    timing.
  * Fixed a metadata cache bug when resizing a pinned/protected
    cache entry.
  * Fixed a problem with the H5_VERS_RELEASE check in the
    H5check_version function.
  * Unified handling of collective metadata reads to correctly fix
    old bugs.
  * Fixed several potential MPI deadlocks in library failure
    conditions.
  * Fixed an issue with collective metadata reads being permanently
    disabled after a dataset chunk lookup operation.
</description>
</patchinfo>