Title: An update for lapack is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2021-1471
Status: Final
Version: 1.0
Revision history: 1.0, 2021-12-24, Initial
Initial release date: 2021-12-24
Current release date: 2021-12-24
Generator: openEuler SA Tool V1.0 (2021-12-24)

Synopsis: lapack security update

Description:
The LAPACK libraries for numerical linear algebra.

Security Fix(es):
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. (CVE-2021-4048)

Topic:
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: lapack

References:
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1471
  https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4048
  https://nvd.nist.gov/vuln/detail/CVE-2021-4048

Products:
  openEuler-20.03-LTS-SP1
  openEuler-20.03-LTS-SP2

Packages:
  aarch64:
    lapack-3.9.0-5.oe1.aarch64.rpm
    lapack-help-3.9.0-5.oe1.aarch64.rpm
    lapack-devel-3.9.0-5.oe1.aarch64.rpm
  src:
    lapack-3.9.0-5.oe1.src.rpm
  x86_64:
    lapack-3.9.0-5.oe1.x86_64.rpm
    lapack-help-3.9.0-5.oe1.x86_64.rpm
    lapack-devel-3.9.0-5.oe1.x86_64.rpm

Vulnerability: CVE-2021-4048
  Description: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
  Release date: 2021-12-24
  Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2
  Severity: Medium
  CVSS base score: 5.9
  CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  Remediation: lapack security update (2021-12-24)
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1471