| Description: |
This update for hdf5 fixes the following issues:
Security issues fixed:
- CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493). - CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495). - CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). - CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655). - CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649). - CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641). - CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111). - CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108). - CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090). - CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087).
Bugfixes:
- Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). - Add build support for gcc10 to HPC build (bsc#1174439).
|