An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1208
Final
1.0
1.0
2023-04-11
Initial
2023-04-11
2023-04-11
openEuler SA Tool V1.0
2023-04-11
hdf5 security update
An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
Security Fix(es):
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.(CVE-2018-14031)
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.(CVE-2018-16438)
An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
hdf5
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2018-14031
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2018-16438
https://nvd.nist.gov/vuln/detail/CVE-2018-14031
https://nvd.nist.gov/vuln/detail/CVE-2018-16438
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
hdf5-1.12.1-2.oe1.aarch64.rpm
hdf5-devel-1.12.1-2.oe1.aarch64.rpm
hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm
hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm
hdf5-mpich-1.12.1-3.oe1.aarch64.rpm
hdf5-mpich-static-1.12.1-3.oe1.aarch64.rpm
hdf5-devel-1.12.1-3.oe1.aarch64.rpm
hdf5-openmpi-static-1.12.1-3.oe1.aarch64.rpm
hdf5-1.12.1-3.oe1.aarch64.rpm
hdf5-debugsource-1.12.1-3.oe1.aarch64.rpm
hdf5-mpich-devel-1.12.1-3.oe1.aarch64.rpm
hdf5-openmpi-1.12.1-3.oe1.aarch64.rpm
hdf5-openmpi-devel-1.12.1-3.oe1.aarch64.rpm
hdf5-debuginfo-1.12.1-3.oe1.aarch64.rpm
hdf5-debugsource-1.8.20-17.oe2203.aarch64.rpm
hdf5-devel-1.8.20-17.oe2203.aarch64.rpm
hdf5-mpich-devel-1.8.20-17.oe2203.aarch64.rpm
hdf5-debuginfo-1.8.20-17.oe2203.aarch64.rpm
hdf5-mpich-static-1.8.20-17.oe2203.aarch64.rpm
hdf5-mpich-1.8.20-17.oe2203.aarch64.rpm
hdf5-openmpi-static-1.8.20-17.oe2203.aarch64.rpm
hdf5-openmpi-devel-1.8.20-17.oe2203.aarch64.rpm
hdf5-openmpi-1.8.20-17.oe2203.aarch64.rpm
hdf5-1.8.20-17.oe2203.aarch64.rpm
hdf5-debuginfo-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-debugsource-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-openmpi-devel-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-mpich-devel-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-devel-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-openmpi-static-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-mpich-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-mpich-static-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-openmpi-1.12.1-4.oe2203sp1.aarch64.rpm
hdf5-1.12.1-2.oe1.src.rpm
hdf5-1.12.1-3.oe1.src.rpm
hdf5-1.8.20-17.oe2203.src.rpm
hdf5-1.12.1-4.oe2203sp1.src.rpm
hdf5-devel-1.12.1-2.oe1.x86_64.rpm
hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm
hdf5-1.12.1-2.oe1.x86_64.rpm
hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm
hdf5-devel-1.12.1-3.oe1.x86_64.rpm
hdf5-openmpi-devel-1.12.1-3.oe1.x86_64.rpm
hdf5-mpich-static-1.12.1-3.oe1.x86_64.rpm
hdf5-mpich-devel-1.12.1-3.oe1.x86_64.rpm
hdf5-mpich-1.12.1-3.oe1.x86_64.rpm
hdf5-openmpi-static-1.12.1-3.oe1.x86_64.rpm
hdf5-debugsource-1.12.1-3.oe1.x86_64.rpm
hdf5-1.12.1-3.oe1.x86_64.rpm
hdf5-debuginfo-1.12.1-3.oe1.x86_64.rpm
hdf5-openmpi-1.12.1-3.oe1.x86_64.rpm
hdf5-mpich-devel-1.8.20-17.oe2203.x86_64.rpm
hdf5-1.8.20-17.oe2203.x86_64.rpm
hdf5-mpich-static-1.8.20-17.oe2203.x86_64.rpm
hdf5-mpich-1.8.20-17.oe2203.x86_64.rpm
hdf5-openmpi-1.8.20-17.oe2203.x86_64.rpm
hdf5-debugsource-1.8.20-17.oe2203.x86_64.rpm
hdf5-devel-1.8.20-17.oe2203.x86_64.rpm
hdf5-debuginfo-1.8.20-17.oe2203.x86_64.rpm
hdf5-openmpi-static-1.8.20-17.oe2203.x86_64.rpm
hdf5-openmpi-devel-1.8.20-17.oe2203.x86_64.rpm
hdf5-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-mpich-devel-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-debuginfo-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-openmpi-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-devel-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-openmpi-devel-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-mpich-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-mpich-static-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-openmpi-static-1.12.1-4.oe2203sp1.x86_64.rpm
hdf5-debugsource-1.12.1-4.oe2203sp1.x86_64.rpm
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
2023-04-11
CVE-2018-14031
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
hdf5 security update
2023-04-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
2023-04-11
CVE-2018-16438
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
hdf5 security update
2023-04-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208