2024

2023

2022

List overview
Download

Security-bulletin May 2023

security@openharmony.io

1 participants
1 discussions

Start a nNew thread

OpenHarmony 2023年05月安全公告 Security Vulnerabilities in May 2023

by Liuxu (louis)

2023年05月安全漏洞发布于2023.05.09 最后更新于2023.05.09 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度 CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2021-36647 中 4.7 third_party_mbedtls device_hisilicon_hispark_taurus OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.0.x<https://gitee.com/openharmony/third_party_mbedtls/pulls/86> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129> CVE-2023-1382 中 5.5 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/804> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/805> CVE-2023-0386 中 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1281 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-28772 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1637 低 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2021-3923 低 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1380 高 7.1 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1582 中 4.7 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/765> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/766> CVE-2022-48434 高 8.1 third_party_ffmpeg OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/81> 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/82> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/83> CVE-2023-1838 中 5.3 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/773> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/774> CVE-2023-1838 中 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1855 中 6.3 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-30456 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2022-45934 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/129> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/130> CVE-2022-2978 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/121> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/122> CVE-2022-29581 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1989 高 7.0 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1829 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1990 中 4.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1859 中 6.4 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-2004 中 5.3 third_party_freetype OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_freetype/pulls/51> 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/52> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/53> CVE-2023-2006 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/811> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/812> CVE-2023-2008 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/787> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/788> Security Vulnerabilities in May 2023 published May 9,2023 updated May 9,2023 The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity CVSS3.1 affected repository affected OpenHarmony versions fix link CVE-2021-36647 Medium 4.7 third_party_mbedtls device_hisilicon_hispark_taurus OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.0.x<https://gitee.com/openharmony/third_party_mbedtls/pulls/86> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129> CVE-2023-1382 Medium 5.5 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/804> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/805> CVE-2023-0386 Medium 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1281 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-28772 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1637 Low 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2021-3923 Low 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1380 High 7.1 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1582 Medium 4.7 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/765> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/766> CVE-2022-48434 High 8.1 third_party_ffmpeg OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/81> 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/82> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/83> CVE-2023-1838 Medium 5.3 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/773> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/774> CVE-2023-1838 Medium 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1855 Medium 6.3 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-30456 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2022-45934 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/129> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/130> CVE-2022-2978 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/121> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/122> CVE-2022-29581 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1989 High 7.0 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1829 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1990 Medium 4.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1859 Medium 6.4 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-2004 Medium 5.3 third_party_freetype OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_freetype/pulls/51> 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/52> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/53> CVE-2023-2006 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/811> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/812> CVE-2023-2008 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/787> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/788>

11 months, 3 weeks

1
0
0 0