本次批漏发布于2023.09.15 批漏信息禁运声明:下述issue将在2023年10月初在OpenHarmony社区安全公告,请注意对这些问题的保密,确保公开讨论在OpenHarmony社区公开公告之后。 备注:OpenHarmony 3.0-LTS和3.1-Release分支已停止维护,后续这两个分支的安全漏洞也不再维护,详情参见: OpenHarmony 3.0-LTS和3.1-Release分支停止维护公告 以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本 CVECVSS 3.1 得分严重程度受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2023-44595.5中危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 CVE-2023-43877.1高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 CVE-2023-43855.5中危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1023 CVE-2023-402837.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1027 CVE-2023-41945.5中危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 CVE-2023-42736中危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 CVE-2023-38127.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 CVE-2023-35677.1高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1013 CVE-2023-45728.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/988 CVE-2023-4427-1未知third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43558.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43528.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43628.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43538.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43548.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43518.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-43578.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/961 CVE-2023-40768.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/935 CVE-2023-40718.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/935 CVE-2023-40728.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/935 CVE-2022-49084.3中危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/935 CVE-2022-4911-1未知third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/935 CVE-2023-3598-1未知third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/919 CVE-2022-49096.3中危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/919 请在合入当月及之前全部已公开安全补丁之后,参考如下各维护版本的安全补丁标签更新方法,更新安全补丁标签至10月。 对应维护版本安全补丁修改方式参考链接 3.2.xhttps://gitee.com/openharmony/startup_init/pulls/2244
participants (1)
-
王晨