mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 17:19:23 +00:00
Code Issues Projects Releases Wiki Activity

hdf5 1.14.4-3: fix CVE-2025-2912

Browse Source 
Upstream Repository: https://github.com/HDFGroup/hdf5.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2912
Type: Security Fix
CVE: CVE-2025-2912
Score: 4.8
Patch: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a

Analysis:
- CVE-2025-2913 was previously fixed by [1], which is also addresses CVE-2025-2912
  as noted in [4].
- NVD [2] references the GitHub discussion [3] for CVE-2025-2912, and we successfully
  reproduced the issue following the steps outlined there.
- Applied the fix from [4] and verified resolution using the reproduction steps.
- The same patch [4] is already included in OE-scarthgap [5] for CVE-2025-2913.
- Therefore, reused the patch from [5] to resolve CVE-2025-2912.

References:
[1] https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-2912
[3] https://github.com/HDFGroup/hdf5/issues/5370#issue-2917388806
[4] https://github.com/HDFGroup/hdf5/issues/5370#issuecomment-3542881855
[5] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/hdf5?h=scarthgap&id=b42e6eb3e51a

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Sudhir Dumbhare
2025-12-08 20:59:14 -08:00
committed by Anuj Mittal
parent c223262bd7
commit e0dbf0bcd3
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/hdf5/files/CVE-2025-2913.patch → meta-oe/recipes-support/hdf5/files/CVE-2025-2913-CVE-2025-2912.patch
+2 -1
View File
@@ -9,10 +9,11 @@ one of the free lists. It appeared that the library came to this vulnerability
after it encountered an undetected reading of a bad value. The fuzzer now failed after it encountered an undetected reading of a bad value. The fuzzer now failed
with an appropriate error message. with an appropriate error message.
CVE: CVE-2025-2913 CVE: CVE-2025-2913 CVE-2025-2912
Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a09c892bc97ac32d9515c3777ce07] Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a09c892bc97ac32d9515c3777ce07]
(cherry picked from commit 7cc8b5e1010a09c892bc97ac32d9515c3777ce07) (cherry picked from commit 7cc8b5e1010a09c892bc97ac32d9515c3777ce07)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
--- ---
src/H5Ocont.c | 2 ++ src/H5Ocont.c | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+1 -1
View File
@@ -15,7 +15,7 @@ SRC_URI = " \
https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.14/hdf5-1.14.4/src/${BPN}-${PV}.tar.gz \ https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.14/hdf5-1.14.4/src/${BPN}-${PV}.tar.gz \
file://0002-Remove-suffix-shared-from-shared-library-name.patch \ file://0002-Remove-suffix-shared-from-shared-library-name.patch \
file://0001-cmake-remove-build-flags.patch \ file://0001-cmake-remove-build-flags.patch \
file://CVE-2025-2913.patch \ file://CVE-2025-2913-CVE-2025-2912.patch \
file://CVE-2025-2914.patch \ file://CVE-2025-2914.patch \
file://CVE-2025-2915.patch \ file://CVE-2025-2915.patch \
file://CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch \ file://CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch \