USN-4817-1: HDF5 vulnerabilities

Publication date

15 March 2021

Overview

HDF5 could be made to crash if it opened a specially crafted file.

Releases

Packages

It was discovered that HDF5 incorrectly handled certain hdf5 files. An
attacker could possibly use this issue to cause a denial of service.

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
18.04 bionic	hdf5-helpers – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-cpp-100 – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-openmpi-100 – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-mpich-100 – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-100 – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-jni – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	libhdf5-java – 1.10.0-patch1+docs-4ubuntu0.1~esm1
	hdf5-tools – 1.10.0-patch1+docs-4ubuntu0.1~esm1
16.04 xenial	libhdf5-doc – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-10 – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-dev – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-cpp-11 – 1.8.16+docs-4ubuntu1.1+esm1
	hdf5-helpers – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-openmpi-dev – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-openmpi-10 – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-mpich-10 – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-mpich-dev – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-mpi-dev – 1.8.16+docs-4ubuntu1.1+esm1
	libhdf5-serial-dev – 1.8.16+docs-4ubuntu1.1+esm1
	hdf5-tools – 1.8.16+docs-4ubuntu1.1+esm1
14.04 trusty	libhdf5-mpich2-7 – 1.8.11-5ubuntu7.1+esm1
	hdf5-helpers – 1.8.11-5ubuntu7.1+esm1
	libhdf5-7 – 1.8.11-5ubuntu7.1+esm1
	libhdf5-openmpi-7 – 1.8.11-5ubuntu7.1+esm1
	hdf5-tools – 1.8.11-5ubuntu7.1+esm1

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro