Security-bulletin
April 2024
security@openharmony.io
April 2024 Security Bulletin
by 王晨
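Published 2024.04.02

| CVE | Vulnerability description | Impact | Severity | Affected versions | Affected repository | Fix link |
|---|---|---|---|---|---|---|
| CVE-2024-21834 | Arkui type confusion vulnerability | A local attacker can cause an app crash through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkui_ace_engine | 3.2.x |
| CVE-2024-22177 | Audio improper permission management vulnerability | A local attacker can cause an app crash through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_audio_framework | 3.2.x |
| CVE-2024-22098 | AVSession use-after-free vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_av_session | 3.2.x |
| CVE-2024-22180 | Camera use-after-free vulnerability | A local attacker can cause a DOS through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | multimedia_camera_framework | 3.2.x, 4.0.x |
| CVE-2024-29074 | Telephony insufficient input parameter validation vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | telephony_cellular_call | 3.2.x, 3.2.x |
| CVE-2024-22092 | Bundle manager improper permission management vulnerability | A remote attacker can bypass controls to install applications through this vulnerability, but interaction by a local user is required | High | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | bundlemanager_bundle_framework | 3.2.x |
| CVE-2024-24581 | Ark eTS runtime out-of-bounds write vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 3.2.x, 4.0.x |
| CVE-2024-28226 | File system insufficient input parameter validation vulnerability | A remote attacker can cause a DOS through this vulnerability | High | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | kernel_linux_5.10 | 3.2.x, 4.0.x |
| CVE-2024-28951 | Ark eTS runtime use-after-free vulnerability | A local attacker can execute code in pre-installed applications through this vulnerability | Medium | OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 4.0.x |
| CVE-2024-29086 | Ark eTS runtime stack overflow vulnerability | A local attacker can cause a DOS through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkcompiler_ets_runtime | 3.2.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
|---|---|---|---|---|---|
| CVE-2024-0641 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2022-48619 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-39197 | Medium | 4.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0584 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-46343 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-23851 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-23850 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-23849 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0639 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0775 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-51043 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-52340 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-46838 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2022-2503 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2014-0069 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-1086 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2015-5157 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2021-46958 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-25062 | High | 7.5 | third_party_libxml2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-24806 | Critical | 9.8 | third_party_libuv | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-22195 | Medium | 6.1 | third_party_jinja2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0814 | Medium | 6.5 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0810 | Medium | 4.3 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-6040 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |

After merging all security patches published in the current month and earlier, update the security patch label to April (04), following the security patch label update method for each maintained version listed below.

| Maintained version | Reference link for the security patch update method |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2633 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2632 |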