Test ID: 1.3.6.1.4.1.25623.1.0.856445
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for hdf5, netcdf, trilinos (SUSE-SU-2024:3144-1)
Summary: The remote host is missing an update for the 'hdf5, netcdf, trilinos' package(s) announced via the SUSE-SU-2024:3144-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'hdf5, netcdf, trilinos'
package(s) announced via the SUSE-SU-2024:3144-1 advisory.

Vulnerability Insight:
This update for hdf5, netcdf, trilinos fixes the following issues:

hdf5 was updated from version 1.10.8 to 1.10.11:

* Security issues fixed:

* CVE-2019-8396: Fixed problems with malformed HDF5 files where content does
not match expected size. (bsc#1125882)

* CVE-2018-11202: Fixed that a malformed file could result in chunk index
memory leaks. (bsc#1093641)

* CVE-2016-4332: Fixed an assertion in a previous fix for this issue
(bsc#1011205).

* CVE-2020-10812: Fixed a segfault on file close in h5debug which fails with a
core dump on a file that has an illegal file size in its cache image. Fixes
HDFFV-11052 (bsc#1167400).

* CVE-2021-37501: Fixed buffer overflow in hdf5-h5dump (bsc#1207973)

* Other security issues fixed (bsc#1224158):

* CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608,
CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620,
CVE-2024-33873, CVE-2024-33874, CVE-2024-33875

* Additionally, these fixes resolve crashes triggered by the reproducers for CVE-2017-17507 and CVE-2018-11205. These crashes appear to be unrelated to the original problems.

* Other issues fixed:

* Remove timestamp/buildhost/kernel version from libhdf5.settings
(bsc#1209548)

* Changed the error handling for a not found path in the find plugin process.

* Fixed a file space allocation bug in the parallel library for chunked
datasets.

* Fixed an assertion failure in Parallel HDF5 when a file can't be created due
to an invalid library version bounds setting.

* Fixed memory leaks that could occur when reading a dataset from a malformed
file.

* Fixed a bug in H5Ocopy that could generate invalid HDF5 files

* Fixed potential heap buffer overflow in decoding of link info message.

* Fixed potential buffer overrun issues in some object header decode routines.

* Fixed a heap buffer overflow that occurs when reading from a dataset with a
compact layout within a malformed HDF5 file.

* Fixed memory leak when running h5dump with proof of vulnerability file.

* Added option --no-compact-subset to h5diff

* Several improvements to parallel compression feature, including:

* Improved support for collective I/O (for both writes and reads).

* Reduction of copying of application data buffers passed to H5Dwrite.

* Addition of support for incremental file space allocation for filtered datasets created in parallel.

* Addition of support for HDF5's 'don't filter partial edge chunks' flag

* Additio ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'hdf5, netcdf, trilinos' package(s) on openSUSE Leap 15.3.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-4332
BugTraq ID: 94417
http://www.securityfocus.com/bid/94417
Debian Security Information: DSA-3727
http://www.debian.org/security/2016/dsa-3727
https://security.gentoo.org/glsa/201701-13
http://www.talosintelligence.com/reports/TALOS-2016-0178/
Common Vulnerability Exposure (CVE) ID: CVE-2017-17507
https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md
Common Vulnerability Exposure (CVE) ID: CVE-2018-11202
https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
Common Vulnerability Exposure (CVE) ID: CVE-2018-11205
Common Vulnerability Exposure (CVE) ID: CVE-2019-8396
https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
Common Vulnerability Exposure (CVE) ID: CVE-2020-10812
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
Common Vulnerability Exposure (CVE) ID: CVE-2021-37501
https://github.com/HDFGroup/hdf5
https://github.com/HDFGroup/hdf5/issues/2458
https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
Common Vulnerability Exposure (CVE) ID: CVE-2024-29158
Common Vulnerability Exposure (CVE) ID: CVE-2024-29161
Common Vulnerability Exposure (CVE) ID: CVE-2024-29166
Common Vulnerability Exposure (CVE) ID: CVE-2024-32608
Common Vulnerability Exposure (CVE) ID: CVE-2024-32610
Common Vulnerability Exposure (CVE) ID: CVE-2024-32614
Common Vulnerability Exposure (CVE) ID: CVE-2024-32619
Common Vulnerability Exposure (CVE) ID: CVE-2024-32620
Common Vulnerability Exposure (CVE) ID: CVE-2024-33873
Common Vulnerability Exposure (CVE) ID: CVE-2024-33874
Common Vulnerability Exposure (CVE) ID: CVE-2024-33875
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.