SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:0538-1)

high Nessus Plugin ID 190848

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0538-1 advisory.

- The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. (CVE-2016-4332)

- A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. (CVE-2018-11202)

- A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka Invalid write of size 2. (CVE-2019-8396)

- An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. (CVE-2020-10812)

- Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. (CVE-2021-37501)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1011205

https://bugzilla.suse.com/1093641

https://bugzilla.suse.com/1125882

https://bugzilla.suse.com/1167400

https://bugzilla.suse.com/1207973

http://www.nessus.org/u?fd665b69

https://www.suse.com/security/cve/CVE-2016-4332

https://www.suse.com/security/cve/CVE-2018-11202

https://www.suse.com/security/cve/CVE-2019-8396

https://www.suse.com/security/cve/CVE-2020-10812

https://www.suse.com/security/cve/CVE-2021-37501

Plugin Details

Severity: High

ID: 190848

File Name: suse_SU-2024-0538-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/21/2024

Updated: 2/24/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-4332

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp_1_10_11-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_fortran-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_fortran-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-hpc-devel, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi3-hpc-devel-static, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-hpc-examples, p-cpe:/a:novell:suse_linux:libhdf5_fortran-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mvapich2-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5_fortran_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mvapich2-hpc-module, p-cpe:/a:novell:suse_linux:libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-hpc-devel, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mpich-hpc-devel-static, p-cpe:/a:novell:suse_linux:libhdf5_hl_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-openmpi4-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_1_10_11-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_fortran_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5hl_fortran_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5-hpc-examples, p-cpe:/a:novell:suse_linux:libhdf5_fortran_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mpich-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_fortran-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_fortran-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl-gnu-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mvapich2-hpc-devel-static, p-cpe:/a:novell:suse_linux:libhdf5_hl-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi4-hpc-devel, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi3-hpc-module, p-cpe:/a:novell:suse_linux:libhdf5_fortran_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mpich-hpc-module, p-cpe:/a:novell:suse_linux:hdf5-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_1_10_11-gnu-mvapich2-hpc, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:hdf5-gnu-mvapich2-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi4-hpc-devel-static, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-hpc-module, p-cpe:/a:novell:suse_linux:libhdf5_cpp-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_fortran-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_fortran-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_fortran-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5hl_fortran_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-hpc-devel-static, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi3-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5_fortran-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libhdf5-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_cpp-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-openmpi3-hpc-devel, p-cpe:/a:novell:suse_linux:hdf5-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_hl_1_10_11-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:hdf5-gnu-mpich-hpc-devel, p-cpe:/a:novell:suse_linux:libhdf5hl_fortran_1_10_11-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp-gnu-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5hl_fortran_1_10_11-gnu-hpc, p-cpe:/a:novell:suse_linux:libhdf5_fortran_1_10_11-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-openmpi4-hpc-module, p-cpe:/a:novell:suse_linux:libhdf5_hl_fortran-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:libhdf5_cpp_1_10_11-gnu-openmpi4-hpc, p-cpe:/a:novell:suse_linux:hdf5_1_10_11-gnu-mvapich2-hpc

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/20/2024

Vulnerability Publication Date: 11/17/2016

Reference Information

CVE: CVE-2016-4332, CVE-2018-11202, CVE-2019-8396, CVE-2020-10812, CVE-2021-37501

SuSE: SUSE-SU-2024:0538-1