批漏信息禁运声明:下述issue将在2023年10月初在OpenHarmony社区安全公告,请注意对这些问题的保密,确保公开讨论在OpenHarmony社区公开公告之后。
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本
| CVSS 3.1 得分 | 严重程度 | 受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 | |
|---|---|---|---|---|---|
| CVE-2023-4459 | 5.5 | 中危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 |
| CVE-2023-4387 | 7.1 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 |
| CVE-2023-4385 | 5.5 | 中危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 |
| CVE-2023-40283 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1027 |
| CVE-2023-4194 | 5.5 | 中危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 |
| CVE-2023-4273 | 6 | 中危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 |
| CVE-2023-3812 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 |
| CVE-2023-3567 | 7.1 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 |
| CVE-2023-4572 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/988 |
| CVE-2023-4427 | -1 | 未知 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4355 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4352 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4362 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4353 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4354 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4351 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4357 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/961 |
| CVE-2023-4076 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/935 |
| CVE-2023-4071 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/935 |
| CVE-2023-4072 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/935 |
| CVE-2022-4908 | 4.3 | 中危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/935 |
| CVE-2022-4911 | -1 | 未知 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/935 |
| CVE-2023-3598 | -1 | 未知 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/919 |
| CVE-2022-4909 | 6.3 | 中危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release |
请在合入当月及之前全部已公开安全补丁之后,参考如下各维护版本的安全补丁标签更新方法,更新安全补丁标签至10月。
| 安全补丁修改方式参考链接 | |
|---|---|
| 3.2.x |