jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1208.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

210 lines
18 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1208</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-04-11</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-04-11</InitialReleaseDate>
<CurrentReleaseDate>2023-04-11</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-04-11</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">hdf5 security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
Security Fix(es):
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.(CVE-2018-14031)
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.(CVE-2018-16438)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">hdf5</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2018-14031</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2018-16438</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2018-14031</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2018-16438</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="hdf5-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-1.12.1-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-devel-1.12.1-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-static-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-devel-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-static-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-debugsource-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-devel-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-devel-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-debuginfo-1.12.1-3.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-debugsource-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-devel-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-devel-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-debuginfo-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-static-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-static-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-devel-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-1.8.20-17.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-debuginfo-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-debugsource-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-devel-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-devel-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-devel-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-static-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-static-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-1.12.1-4.oe2203sp1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="hdf5-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-1.12.1-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-1.12.1-3.oe1.src.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-1.8.20-17.oe2203.src.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-1.12.1-4.oe2203sp1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="hdf5-devel-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-devel-1.12.1-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-1.12.1-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-devel-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-devel-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-static-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-devel-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-mpich-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-static-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-debugsource-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-debuginfo-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.12.1-3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">hdf5-openmpi-1.12.1-3.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-devel-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-static-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-mpich-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-debugsource-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-devel-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-debuginfo-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-static-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.8.20-17" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">hdf5-openmpi-devel-1.8.20-17.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-devel-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debuginfo-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-debuginfo-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-devel-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-devel-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-devel-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-mpich-static-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-mpich-static-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-openmpi-static-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-openmpi-static-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="hdf5-debugsource-1.12.1-4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">hdf5-debugsource-1.12.1-4.oe2203sp1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.</Note>
</Notes>
<ReleaseDate>2023-04-11</ReleaseDate>
<CVE>CVE-2018-14031</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>8.8</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>hdf5 security update</Description>
<DATE>2023-04-11</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.</Note>
</Notes>
<ReleaseDate>2023-04-11</ReleaseDate>
<CVE>CVE-2018-16438</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>8.8</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>hdf5 security update</Description>
<DATE>2023-04-11</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1208</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink