摘要:
lapack security update
安全等级: Medium
公告ID: KylinSec-SA-2022-2118
发布日期: 2022年9月23日
关联CVE: CVE-2021-4048
LAPACK (Linear Algebra PACKage) is a standard library for numerical linear algebra. LAPACK provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems. Associated matrix factorizations (LU, Cholesky, QR, SVD,Schur, and generalized Schur) and related computations (i.e.,reordering of Schur factorizations and estimating condition numbers)are also included. LAPACK can handle dense and banded matrices, but not general sparse matrices. Similar functionality is provided for real and complex matrices in both single and double precision. LAPACK is coded in Fortran90 and built with gcc.
Security Fix(es):
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.(CVE-2021-4048)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-4048 | KY3.4-5A | lapack | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| lapack | x86_64 | 3.9.0-6.kb1.ky3_4 |
| lapack-help | x86_64 | 3.9.0-6.kb1.ky3_4 |
| lapack-devel | x86_64 | 3.9.0-6.kb1.ky3_4 |
| lapack | aarch64 | 3.9.0-6.kb1.ky3_4 |
| lapack-help | aarch64 | 3.9.0-6.kb1.ky3_4 |
| lapack-devel | aarch64 | 3.9.0-6.kb1.ky3_4 |
sudo dnf udpate lapack
