An update for openblas is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1478
Final
1.0
1.0
2021-12-31
Initial
2021-12-31
2021-12-31
openEuler SA Tool V1.0
2021-12-31
openblas security update
An update for is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
An optimized BLAS library based on GotoBLAS2 1.13 BSD version.
Security Fix(es):
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.(CVE-2021-4048)
An update for openblas is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
openblas
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1478
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4048
https://nvd.nist.gov/vuln/detail/CVE-2021-4048
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openblas-devel-0.3.10-3.oe1.aarch64.rpm
openblas-debuginfo-0.3.10-3.oe1.aarch64.rpm
openblas-0.3.10-3.oe1.aarch64.rpm
openblas-debugsource-0.3.10-3.oe1.aarch64.rpm
openblas-debuginfo-0.3.10-3.oe1.aarch64.rpm
openblas-debugsource-0.3.10-3.oe1.aarch64.rpm
openblas-devel-0.3.10-3.oe1.aarch64.rpm
openblas-0.3.10-3.oe1.aarch64.rpm
openblas-0.3.10-3.oe1.src.rpm
openblas-0.3.10-3.oe1.src.rpm
openblas-debuginfo-0.3.10-3.oe1.x86_64.rpm
openblas-devel-0.3.10-3.oe1.x86_64.rpm
openblas-0.3.10-3.oe1.x86_64.rpm
openblas-debugsource-0.3.10-3.oe1.x86_64.rpm
openblas-devel-0.3.10-3.oe1.x86_64.rpm
openblas-debuginfo-0.3.10-3.oe1.x86_64.rpm
openblas-0.3.10-3.oe1.x86_64.rpm
openblas-debugsource-0.3.10-3.oe1.x86_64.rpm
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
2021-12-31
CVE-2021-4048
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
openblas security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1478