Security update for hdf5, suse-hpc

Announcement ID: SUSE-SU-2022:1933-1
Rating: important
CVSS scores:
  • CVE-2017-17505 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-17505 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17506 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2017-17506 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17508 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-17508 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17509 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2017-17509 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11203 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11203 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11204 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11204 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11206 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  • CVE-2018-11206 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  • CVE-2018-11207 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11207 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-13869 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
  • CVE-2018-13869 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-13870 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2018-13870 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-14032 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-14033 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-14033 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-14460 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2018-14460 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-17233 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17233 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17234 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17234 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17237 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17237 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17432 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17432 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17433 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17433 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17434 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17434 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17435 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17435 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17436 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17436 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17437 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17437 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17438 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17438 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10809 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  • CVE-2020-10809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10810 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10811 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  • HPC Module 12
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 27 vulnerabilities, contains four features and has 17 security fixes can now be installed.

Description:

This update for hdf5, suse-hpc fixes the following issues:

Security issues fixed:

  • CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
  • CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
  • CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
  • CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
  • CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c (bsc#1109569).
  • CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).
  • CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567).
  • CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566).
  • CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565).
  • CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564).
  • CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168).
  • CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167).
  • CVE-2018-17233: Fixed SIGFPE signal raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166).
  • CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175).
  • CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471).
  • CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474).
  • CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493).
  • CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495).
  • CVE-2018-11207: Fixed division by zero in H5D__chunk_init in H5Dchunk.c (bsc#1093653).
  • CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657).
  • CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655).
  • CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649).
  • CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641).
  • CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111).
  • CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108).
  • CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090).
  • CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087).

Bugfixes:

  • Expand modules handling (bsc#1116458).
  • Fix default moduleversion link generation and deletion (bsc#1124509).
  • Set higher constraints for successful mpich tests (bsc#1133222).
  • Only build one examples package for all flavors, do not include dependencies as these would be flavor specific (bsc#1088547).
  • Prepend PKG_CONFIG_PATH in modules file (bsc#1080426).
  • Validate Python 3 code (bsc#1082209).
  • Fix library link flags on pkg-config file for HPC builds (bsc#1134298).
  • Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793).
  • Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682).
  • Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521).
  • Make module files package arch dependent: it contains arch-dependent paths (bsc#1080442).
  • Disable %check stage for mpich builds on s390(x) (bsc#1080022).
  • Add build support for gcc10 to HPC build (bsc#1174439).
  • Fix summary in module files (bsc#1080259).
  • Append a newline to the shebang line prepended by the %hpc_shebang_prepend_list macro (bsc#1084951).
  • Temporarily disable make check for PowerPC (bsc#1058563).
  • Fix HPC library master packages dependency: make it require the correct flavor (bsc#1091237).
  • Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604).
  • Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773).
  • HDF5 version Update to 1.10.5 (jsc#SLE-8501).
  • Add support for openmpi2 for HPC (FATE#325089).
  • Initial version (FATE#320596).

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • HPC Module 12
    zypper in -t patch SUSE-SLE-Module-HPC-12-2022-1933=1

Package List:

  • HPC Module 12 (noarch)
    • hdf5-gnu-mvapich2-hpc-devel-1.10.8-3.12.2
    • hdf5-gnu-openmpi1-hpc-devel-1.10.8-3.12.2
    • hdf5-gnu-hpc-devel-1.10.8-3.12.2
  • HPC Module 12 (aarch64 x86_64)
    • libhdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-openmpi1-hpc-devel-static-1.10.8-3.12.2
    • libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-3.12.2
    • libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • suse-hpc-0.5.20220206.0c6b168-5.2
    • hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-3.12.2
    • libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2
    • libhdf5_hl-gnu-openmpi1-hpc-1.10.8-3.12.2
    • libhdf5_cpp-gnu-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_fortran-gnu-openmpi1-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-3.12.2
    • libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-openmpi1-hpc-debugsource-1.10.8-3.12.2
    • libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2
    • libhdf5_hl-gnu-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-hpc-1.10.8-3.12.2
    • libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.8-3.12.2
    • libhdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2
    • libhdf5_hl_1_10_8-gnu-hpc-1.10.8-3.12.2
    • libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-3.12.2
    • libhdf5-gnu-mvapich2-hpc-1.10.8-3.12.2
    • libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-hpc-devel-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-3.12.2
    • libhdf5_hl-gnu-mvapich2-hpc-1.10.8-3.12.2
    • libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2
    • libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-3.12.2
    • libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-openmpi1-hpc-devel-1.10.8-3.12.2
    • libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2
    • libhdf5_fortran-gnu-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2
    • hdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2
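
A post-patch check, added here as an example and not part of the SUSE advisory: it reads "name version-release" pairs as printed by rpm and flags any hdf5 or suse-hpc package older than the builds in the package list above. The function names, the constructed sample inventory and the use of `sort -V` as an approximation of RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example: flag installed hdf5 / suse-hpc packages that are older than
# the builds named in this advisory's package list.

FIXED_HDF5="1.10.8-3.12.2"                 # from the package list
FIXED_SUSE_HPC="0.5.20220206.0c6b168-5.2"  # from the package list

# ver_lt A B: true when A sorts strictly before B under `sort -V`.
# Assumption: version sort is close enough to RPM ordering for these strings;
# it is not rpm's own comparison routine.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_hdf5: read "name version-release" lines on stdin, print one OUTDATED
# line per package below the fixed build, and return 1 if any was found.
audit_hdf5() {
    rc=0
    while read -r name evr; do
        case "$name" in
            suse-hpc)        fixed=$FIXED_SUSE_HPC ;;
            hdf5*|libhdf5*)  fixed=$FIXED_HDF5 ;;
            *)               continue ;;   # unrelated package
        esac
        if ver_lt "$evr" "$fixed"; then
            echo "OUTDATED $name $evr (need >= $fixed)"
            rc=1
        fi
    done
    return $rc
}

# sample_inventory: constructed input, not taken from a real host.
sample_inventory() {
    cat <<'EOF'
libhdf5-gnu-mvapich2-hpc 1.10.5-3.9.1
hdf5-gnu-hpc-devel 1.10.8-3.12.2
libhdf5_hl-gnu-hpc 1.10.8-3.9.1
suse-hpc 0.5.20220206.0c6b168-5.2
zlib 1.2.11-1.1
EOF
}

# On a patched host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_hdf5
```

A non-zero exit status means at least one matching package is still below the fixed build, which makes the function usable as a gate in a compliance job.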