|
|
Log in / Subscribe / Register

SUSE alert openSUSE-SU-2026:20022-1 (matio)



From:
              meissner@suse.com


To:
              security-announce@lists.opensuse.org


Subject:
              openSUSE-SU-2026:20022-1: important: Security update for matio


Date:
              Tue, 13 Jan 2026 17:51:55 +0100


Message-ID:
              <20260113165155.4A805FBA1@maintenance.suse.de>


Archive-link:
              Article


openSUSE security update: security update for matio
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20022-1
Rating: important
References:

  * bsc#1239677
  * bsc#1239678



Cross-References:

  * CVE-2025-2337
  * CVE-2025-2338



Affected Products:

         openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for matio fixes the following issues:

- update to version 1.5.29:
  * Fix printing rank-1-variable in Mat_VarPrint
  * Fix array index out of bounds in Mat_VarPrint when printing
    UTF-8 character data (boo#1239678, CVE-2025-2337)
  * Fix heap-based buffer overflow in strdup_vprintf
    (boo#1239677, CVE-2025-2338)
  * Changed Mat_VarPrint to print all values of rank-2-variable
  * Several other fixes, for example for access violations in
    Mat_VarPrint

- Update to version 1.5.28:
  * Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character
    array to compressed v5 MAT file (regression of v1.5.12).
  * Fixed bug reading all-zero sparse array of v4 MAT file
    (regression of v1.5.18).
  * Updated C99 snprintf.c.
  * CMake: Enabled testing.
  * Several other fixes, for example for access violations in
    Mat_VarPrint.


Patch instructions:

   To install this openSUSE security update use the suse recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

   zypper in -t patch openSUSE-Leap-16.0-packagehub-66=1

Package List:

- openSUSE Leap 16.0:

  libmatio-devel-1.5.29-bp160.1.1
  libmatio13-1.5.29-bp160.1.1
  matio-tools-1.5.29-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2025-2337.html
  * https://www.suse.com/security/cve/CVE-2025-2338.html
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds