lists.openatom.io
Security-bulletin
security@openharmony.io
1 participants
24 discussions
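April 2024 Security Bulletin
by 王晨
Published 2024.04.02

| CVE | Vulnerability description | Impact | Severity | Affected versions | Affected repository | Fix links |
|---|---|---|---|---|---|---|
| CVE-2024-21834 | Arkui type confusion vulnerability | Local attacker can cause an app crash via this vulnerability | Low | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | arkui_ace_engine | 3.2.x |
| CVE-2024-22177 | Audio improper permission management vulnerability | Local attacker can cause an app crash via this vulnerability | Low | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | multimedia_audio_framework | 3.2.x |
| CVE-2024-22098 | AVSession use-after-free vulnerability | Local attacker can execute code in any application via this vulnerability | Medium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | multimedia_av_session | 3.2.x |
| CVE-2024-22180 | Camera use-after-free vulnerability | Local attacker can cause DOS via this vulnerability | Low | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | multimedia_camera_framework | 3.2.x 4.0.x |
| CVE-2024-29074 | Telephony insufficient input parameter validation vulnerability | Local attacker can execute code in any application via this vulnerability | Medium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | telephony_cellular_call | 3.2.x 3.2.x |
| CVE-2024-22092 | Bundle management improper permission management vulnerability | Remote attacker can bypass controls and install applications via this vulnerability, but local user interaction is required | High | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | bundlemanager_bundle_framework | 3.2.x |
| CVE-2024-24581 | Ark eTS runtime out-of-bounds write vulnerability | Local attacker can execute code in any application via this vulnerability | Medium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 3.2.x 4.0.x |
| CVE-2024-28226 | File system insufficient input parameter validation vulnerability | Remote attacker can cause DOS via this vulnerability | High | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | kernel_linux_5.10 | 3.2.x 4.0.x |
| CVE-2024-28951 | Ark eTS runtime use-after-free vulnerability | Local attacker can execute code in pre-installed applications via this vulnerability | Medium | OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 4.0.x |
| CVE-2024-29086 | Ark eTS runtime stack overflow vulnerability | Local attacker can cause DOS via this vulnerability | Low | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | arkcompiler_ets_runtime | 3.2.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2024-0641 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2022-48619 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-39197 | Medium | 4.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0584 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-46343 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-23851 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-23850 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-23849 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0639 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0775 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-51043 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-52340 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-46838 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2022-2503 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2014-0069 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-1086 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2015-5157 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2021-46958 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-25062 | High | 7.5 | third_party_libxml2 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-24806 | Critical | 9.8 | third_party_libuv | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-22195 | Medium | 6.1 | third_party_jinja2 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0814 | Medium | 6.5 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0810 | Medium | 4.3 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-6040 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |

After merging all publicly released security patches for the current month and earlier, update the security patch label to April (04) by following the update method for each maintained version below.

| Maintained version | Reference link for the security patch label change |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2633 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2632 |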
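March 2024 Security Bulletin
by 王晨
Published 2024.03.04

| CVE | Vulnerability description | Impact | CVSS 3.1 score | Affected versions | Affected repository | Fix links |
|---|---|---|---|---|---|---|
| CVE-2023-25176 | Pasteboard out-of-bounds read vulnerability | Local attacker can cause information disclosure via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | distributeddatamgr_pasteboard | 3.2.x |
| CVE-2023-46708 | WLAN UAF vulnerability | Local attacker can execute code in any application via this vulnerability | 4.3 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | communication_wifi | 3.2.x |
| CVE-2023-49602 | Arkui type confusion vulnerability | Local attacker can cause an application crash via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | arkui_ace_engine | 3.2.x 3.2.x |
| CVE-2024-21816 | Background task management improper permission management vulnerability | Local attacker can bypass authentication and access data via this vulnerability | 4.0 | OpenHarmony-v4.0-Release | resourceschedule_background_task_mgr | 4.0.x |
| CVE-2024-21826 | Key management sensitive information disclosure vulnerability | Near-field attacker can cause sensitive information disclosure via this vulnerability | 4.3 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | security_huks | 3.2.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2024-0519 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0518 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0333 | Medium | 5.3 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0224 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0223 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2024-0222 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-7192 | Medium | 4.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-7024 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-6531 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-6112 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-5997 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-5996 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-5849 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-5717 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-5482 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-5480 | Medium | 6.1 | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-51782 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-51781 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-51780 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |
| CVE-2023-45897 | Critical | 9.1 | third_party_exfatprogs | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2022-46908 | High | 7.3 | third_party_sqlite | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2021-44879 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x 3.2.x |

After merging all publicly released security patches for the current month and earlier, update the security patch label to March (03) by following the update method for each maintained version below.

| Maintained version | Reference link for the security patch label change |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2550 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2549 |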
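February 2024 Security Bulletin
by 王晨
Published 2024.02.02

| CVE | Vulnerability description | Impact | CVSS 3.1 score | Affected versions | Affected repository | Fix links |
|---|---|---|---|---|---|---|
| CVE-2023-49118 | SoftBus out-of-bounds read vulnerability | Local attacker can cause information disclosure via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2023-43756 | SoftBus out-of-bounds read vulnerability | Local attacker can cause information disclosure via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2023-45734 | SoftBus out-of-bounds write vulnerability | Near-field attacker can execute code via this vulnerability | 4.2 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | communication_dsoftbus | 3.2.x |
| CVE-2024-21860 | SoftBus use-after-free vulnerability | Near-field attacker can execute code in any application via this vulnerability | 8.2 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x 4.0.x |
| CVE-2024-21845 | SoftBus integer overflow vulnerability | Near-field attacker can cause a heap overflow via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x 4.0.x |
| CVE-2024-21851 | SoftBus integer overflow vulnerability | Near-field attacker can cause a heap overflow via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x 4.0.x |
| CVE-2024-21863 | SoftBus insufficient data validation vulnerability | Near-field attacker can cause DOS via this vulnerability | 4.7 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | communication_dsoftbus | 3.2.x 4.0.x |
| CVE-2024-0285 | SoftBus missing data length check vulnerability | Near-field attacker can cause DOS via this vulnerability | 4.7 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | communication_ipc | 3.2.x 4.0.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | CVSS 3.1 score | Severity | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2023-5678 | 5.3 | Medium | third_party_openssl | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-44429 | 8.8 | High | third_party_gstreamer | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-44446 | 8.8 | High | third_party_gstreamer | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2023-6510 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6345 | 9.6 | Critical | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6347 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6508 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6817 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6931 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6932 | 7.0 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-35001 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-7104 | 7.3 | High | third_party_sqlite | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-6705 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6702 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6703 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |

After merging all publicly released security patches for the current month and earlier, update the security patch label to February (02) by following the update method for each maintained version below.

| Maintained version | Reference link for the security patch label change |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2478 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2481 |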
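January 2024 Security Bulletin
by 王晨
Published 2024.01.02

| CVE | Vulnerability description | Impact | CVSS 3.1 base score | Affected versions | Affected repository | Fix links |
|---|---|---|---|---|---|---|
| CVE-2023-47216 | Liteos-A unreleased resource vulnerability | Local attacker can cause DOS via this vulnerability | 2.9 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | third_party_musl | 3.2.x |
| CVE-2023-49142 | Multimedia audio component pointer use-after-free vulnerability | Local attacker can crash the audio component via this vulnerability | 4.0 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | multimedia_audio_framework | 3.2.x |
| CVE-2023-47857 | Multimedia camera component pointer use-after-free vulnerability | Local attacker can crash the camera component via this vulnerability | 4.0 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | multimedia_camera_framework | 3.2.x |
| CVE-2023-49135 | Multimedia player component pointer use-after-free vulnerability | Local attacker can crash the player component via this vulnerability | 4.0 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | multimedia_player_framework | 3.2.x |
| CVE-2023-48360 | Multimedia player component pointer use-after-free vulnerability | Local attacker can crash the player component via this vulnerability | 4.0 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | multimedia_player_framework | 3.2.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, refer to the third-party advisories.

| CVE | CVSS 3.1 score | Severity | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2023-5849 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5480 | 6.1 | Medium | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5482 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5996 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-6112 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5997 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5717 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-5363 | 7.5 | Medium | third_party_openssl | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2022-46908 | 7.3 | Medium | third_party_sqlite | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release | 3.2.x |
| CVE-2023-40475 | 6.3 | Medium | third_party_gstreamer | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-40476 | 8.3 | High | third_party_gstreamer | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5472 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |
| CVE-2023-5484 | 6.5 | Medium | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2-Release; OpenHarmony-v4.0-Release | 3.2.x 4.0.x |

The following are the security patch labels for each maintained version. After merging all corresponding security patches for the current month and earlier, update the security patch label.

| Security patch label | Links |
|---|---|
| January 2024 | [4.0.x] [3.2.x] |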
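November 2023 Security Bulletin
by 王晨
This security bulletin was published on 2023.11.07

| CVE | Vulnerability description | Impact | CVSS 3.1 score | Affected versions | Affected repository | Fix links |
|---|---|---|---|---|---|---|
| CVE-2023-4753 | Incorrect use of the function that receives user-space parameters in a kernel system call | Can cause a kernel crash | 5.5 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.2 | kernel_liteos_a | https://gitee.com… |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | CVSS 3.1 score | Severity | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2023-42753 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3… | |
| CVE-2023-2163 | 8.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4863 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4921 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4807 | 7.8 | High | third_party_openssl | OpenHarmony-v3.2-Release through OpenHarmony-v… | |
| CVE-2023-4763 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4762 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4622 | 7 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.… | |
| CVE-2023-4623 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4206 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4207 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4208 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4572 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-3777 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |

After merging all publicly released security patches for the current month and earlier, update the security patch label to November (11) by following the update method for each maintained version below.

| Maintained version | Reference link for the security patch label change |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2330 |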
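[Please read] Reissue of the October early-disclosure security bulletin
by 王晨
This disclosure was published on 2023.09.15

Disclosure embargo statement: the issues below will be announced in the OpenHarmony community security bulletin in early October 2023. Please keep these issues confidential and make sure that public discussion takes place only after the OpenHarmony community has published the announcement.

Note: the OpenHarmony 3.0-LTS and 3.1-Release branches are no longer maintained, and security vulnerabilities in these two branches will no longer be handled. For details, see: Announcement on the end of maintenance for the OpenHarmony 3.0-LTS and 3.1-Release branches

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | CVSS 3.1 score | Severity | Affected repository | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|---|
| CVE-2023-4459 | 5.5 | Medium | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4387 | 7.1 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4385 | 5.5 | Medium | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-40283 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3… | |
| CVE-2023-4194 | 5.5 | Medium | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4273 | 6 | Medium | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.2.… | |
| CVE-2023-3812 | 7.8 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-3567 | 7.1 | High | kernel_linux_5.10 | OpenHarmony-v3.2-Release through OpenHarmony-v3.… | |
| CVE-2023-4572 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4427 | -1 | Unknown | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v… | |
| CVE-2023-4355 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4352 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4362 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4353 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4354 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4351 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4357 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4076 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4071 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2023-4072 | 8.8 | High | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2022-4908 | 4.3 | Medium | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |
| CVE-2022-4911 | -1 | Unknown | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v… | |
| CVE-2023-3598 | -1 | Unknown | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-v… | |
| CVE-2022-4909 | 6.3 | Medium | third_party_chromium | OpenHarmony-v3.2-Release through OpenHarmony-… | |

After merging all publicly released security patches for the current month and earlier, update the security patch label to October (10) by following the update method for each maintained version below.

| Maintained version | Reference link for the security patch label change |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2244 |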
OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023
by Zhangadong (zhangadong, OS)
Security vulnerabilities in June 2023
Published 2023.06.02, last updated 2023.06.02

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, refer to the third-party advisories.

| CVE | Severity | CVSS 3.1 score | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44> 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44> 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45> 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44> 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45> 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |

The following are the security patch labels for each maintained version. Please update the security patch label when merging the corresponding security patches.

| Security patch label | Links |
|---|---|
| June 2023 | [3.2.x] <https://gitee.com/openharmony/startup_init/pulls/2020> [3.1.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/239> [3.1.x] <https://gitee.com/openharmony/startup_init/pulls/2007> [3.0.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/238> |

Security Vulnerabilities in June 2023
Published June 2, 2023; updated June 2, 2023

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.

| CVE | Severity | CVSS 3.1 | Affected OpenHarmony versions | Fix links |
|---|---|---|---|---|
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_curl/pulls/128> 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130> 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44> 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45> 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44> 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45> 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |

The following are the security patch labels for each maintenance version. Please update the security patch labels while incorporating the corresponding security patches.

| Security patch label | Fix links |
|---|---|
| June 2023 | [3.2.x] <https://gitee.com/openharmony/startup_init/pulls/2020> [3.1.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/239> [3.1.x] <https://gitee.com/openharmony/startup_init/pulls/2007> [3.0.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/238> |
Recall: OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023
by Zhangadong (zhangadong, OS)
Zhangadong (zhangadong, OS) would like to recall the message "OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023".
Recall: OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023
by Zhangadong (zhangadong, OS)
Zhangadong (zhangadong, OS) would like to recall the message "OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023".
Recall: OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023
by Zhangadong (zhangadong, OS)
Zhangadong (zhangadong, OS) would like to recall the message "OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023".