An update for hdf5 is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1327 Final 1.0 1.0 2023-06-03 Initial 2023-06-03 2023-06-03 openEuler SA Tool V1.0 2023-06-03 hdf5 security update An update for hdf5 is now available for openEuler-22.03-LTS-SP1. HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format. Security Fix(es): A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."(CVE-2019-8396) An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.(CVE-2018-13867) Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.(CVE-2021-37501) An update for hdf5 is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical hdf5 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1327 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-8396 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2018-13867 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-37501 https://nvd.nist.gov/vuln/detail/CVE-2019-8396 https://nvd.nist.gov/vuln/detail/CVE-2018-13867 https://nvd.nist.gov/vuln/detail/CVE-2021-37501 openEuler-22.03-LTS-SP1 hdf5-mpich-static-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-debugsource-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-mpich-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-openmpi-devel-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-debuginfo-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-devel-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-mpich-devel-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-openmpi-static-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-openmpi-1.12.1-4.oe2203sp1.aarch64.rpm hdf5-1.12.1-4.oe2203sp1.src.rpm hdf5-mpich-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-mpich-static-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-devel-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-openmpi-static-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-debuginfo-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-openmpi-devel-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-debugsource-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-openmpi-1.12.1-4.oe2203sp1.x86_64.rpm hdf5-mpich-devel-1.12.1-4.oe2203sp1.x86_64.rpm A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka Invalid write of size 2. 2023-06-03 CVE-2019-8396 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H hdf5 security update 2023-06-03 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1327 An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. 2023-06-03 CVE-2018-13867 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H hdf5 security update 2023-06-03 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1327 Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. 2023-06-03 CVE-2021-37501 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H hdf5 security update 2023-06-03 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1327