Lucene search

GoogleOSV:SUSE-SU-2024:2105-1

HistoryJun 20, 2024 - 8:45 a.m.

Security update for hdf5

2024-06-2008:45:07

Google

osv.dev

hdf5

security update

fixes

cve-2024-29158

cve-2024-29161

cve-2024-29166

cve-2024-32608

cve-2024-32610

cve-2024-32614

cve-2024-32619

cve-2024-32620

cve-2024-33873

cve-2024-33874

cve-2024-33875

reproducers

crashes

mpich tests

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

JSON

This update for hdf5 fixes the following issues:

Fix various security issues in hdf5 (bsc#1224158):

CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608,
CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620,
CVE-2024-33873, CVE-2024-33874, CVE-2024-33875
Additionally, these fixes resolve crashes triggered by the
reproducers for CVE-2017-17507, CVE-2018-11205. These crashes
appear to be unrelated to the original problems.
set higher constraints for succesful mpich tests (bsc#1133222)