Security update for lapack SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0915-1 Final 1 1 2022-03-21T15:50:46Z current 2022-03-21T15:50:46Z 2022-03-21T15:50:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for lapack This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly (bsc#1193562). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/lmcache-lmstack-router:0-2022-915,Container containers/lmcache-vllm-openai:0-2022-915,Container containers/open-webui:0-2022-915,Container containers/pytorch:2-nvidia-2022-915,Container containers/pytorch:2.5.0-2022-915,Container containers/vllm-openai:0-2022-915,Image ai_15_6-2022-915,SUSE-2022-915,SUSE-SLE-Module-Basesystem-15-SP3-2022-915,SUSE-SLE-Module-Development-Tools-15-SP3-2022-915,SUSE-SLE-Product-RT-15-SP2-2022-915 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220915-1/ Link for SUSE-SU-2022:0915-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010492.html E-Mail link for SUSE-SU-2022:0915-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1193562 SUSE Bug 1193562 https://www.suse.com/security/cve/CVE-2021-4048/ SUSE CVE CVE-2021-4048 page Container containers/lmcache-lmstack-router:0 Container containers/lmcache-vllm-openai:0 Container containers/open-webui:0 Container containers/pytorch:2-nvidia Container containers/pytorch:2.5.0 Container containers/vllm-openai:0 Image ai_15_6 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Real Time 15 SP2 libblas3-3.5.0-4.6.1 liblapack3-3.5.0-4.6.1 blas-devel-3.5.0-4.6.1 blas-devel-32bit-3.5.0-4.6.1 blas-devel-64bit-3.5.0-4.6.1 blas-devel-static-3.5.0-4.6.1 blas-man-3.5.0-4.6.1 lapack-devel-3.5.0-4.6.1 lapack-devel-32bit-3.5.0-4.6.1 lapack-devel-64bit-3.5.0-4.6.1 lapack-devel-static-3.5.0-4.6.1 lapack-man-3.5.0-4.6.1 lapacke-devel-3.5.0-4.6.1 lapacke-devel-32bit-3.5.0-4.6.1 lapacke-devel-64bit-3.5.0-4.6.1 lapacke-devel-static-3.5.0-4.6.1 libblas3-32bit-3.5.0-4.6.1 libblas3-64bit-3.5.0-4.6.1 liblapack3-32bit-3.5.0-4.6.1 liblapack3-64bit-3.5.0-4.6.1 liblapacke3-3.5.0-4.6.1 liblapacke3-32bit-3.5.0-4.6.1 liblapacke3-64bit-3.5.0-4.6.1 libblas3-3.5.0-4.6.1 as a component of Container containers/lmcache-lmstack-router:0 liblapack3-3.5.0-4.6.1 as a component of Container containers/lmcache-lmstack-router:0 libblas3-3.5.0-4.6.1 as a component of Container containers/lmcache-vllm-openai:0 liblapack3-3.5.0-4.6.1 as a component of Container containers/lmcache-vllm-openai:0 libblas3-3.5.0-4.6.1 as a component of Container containers/open-webui:0 liblapack3-3.5.0-4.6.1 as a component of Container containers/open-webui:0 libblas3-3.5.0-4.6.1 as a component of Container containers/pytorch:2-nvidia liblapack3-3.5.0-4.6.1 as a component of Container containers/pytorch:2-nvidia libblas3-3.5.0-4.6.1 as a component of Container containers/pytorch:2.5.0 liblapack3-3.5.0-4.6.1 as a component of Container containers/pytorch:2.5.0 libblas3-3.5.0-4.6.1 as a component of Container containers/vllm-openai:0 liblapack3-3.5.0-4.6.1 as a component of Container containers/vllm-openai:0 libblas3-3.5.0-4.6.1 as a component of Image ai_15_6 liblapack3-3.5.0-4.6.1 as a component of Image ai_15_6 blas-devel-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 lapack-devel-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libblas3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 liblapack3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 liblapacke3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 blas-devel-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 lapack-devel-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 libblas3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 liblapack3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 liblapacke3-3.5.0-4.6.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. CVE-2021-4048 Container containers/lmcache-lmstack-router:0:libblas3-3.5.0-4.6.1 Container containers/lmcache-lmstack-router:0:liblapack3-3.5.0-4.6.1 Container containers/lmcache-vllm-openai:0:libblas3-3.5.0-4.6.1 Container containers/lmcache-vllm-openai:0:liblapack3-3.5.0-4.6.1 Container containers/open-webui:0:libblas3-3.5.0-4.6.1 Container containers/open-webui:0:liblapack3-3.5.0-4.6.1 Container containers/pytorch:2-nvidia:libblas3-3.5.0-4.6.1 Container containers/pytorch:2-nvidia:liblapack3-3.5.0-4.6.1 Container containers/pytorch:2.5.0:libblas3-3.5.0-4.6.1 Container containers/pytorch:2.5.0:liblapack3-3.5.0-4.6.1 Container containers/vllm-openai:0:libblas3-3.5.0-4.6.1 Container containers/vllm-openai:0:liblapack3-3.5.0-4.6.1 Image ai_15_6:libblas3-3.5.0-4.6.1 Image ai_15_6:liblapack3-3.5.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:blas-devel-3.5.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:lapack-devel-3.5.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libblas3-3.5.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:liblapack3-3.5.0-4.6.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:liblapacke3-3.5.0-4.6.1 SUSE Linux Enterprise Real Time 15 SP2:blas-devel-3.5.0-4.6.1 SUSE Linux Enterprise Real Time 15 SP2:lapack-devel-3.5.0-4.6.1 SUSE Linux Enterprise Real Time 15 SP2:libblas3-3.5.0-4.6.1 SUSE Linux Enterprise Real Time 15 SP2:liblapack3-3.5.0-4.6.1 SUSE Linux Enterprise Real Time 15 SP2:liblapacke3-3.5.0-4.6.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220915-1/ https://www.suse.com/security/cve/CVE-2021-4048.html CVE-2021-4048 https://bugzilla.suse.com/1193562 SUSE Bug 1193562