OpenHarmony Security Bulletin, June 2023: Security Vulnerabilities in June 2023
Security Vulnerabilities in June 2023

Published June 2, 2023; updated June 2, 2023

The following table lists third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | CVSS 3.1 score | Affected OpenHarmony versions | Fix links |
| --- | --- | --- | --- | --- |
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release<br>OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_curl/pulls/128><br>3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130><br>3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130><br>3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130><br>3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130><br>3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/130><br>3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/131> |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release<br>OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44><br>3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45><br>3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release<br>OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release<br>OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_libxml2/pulls/44><br>3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/45><br>3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/46> |

The following are the security patch labels for each maintenance version. Please update the security patch label when merging the corresponding security patches.

| Security patch label | Fix links |
| --- | --- |
| June 2023 | [3.2.x] <https://gitee.com/openharmony/startup_init/pulls/2020><br>[3.1.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/239><br>[3.1.x] <https://gitee.com/openharmony/startup_init/pulls/2007><br>[3.0.x] <https://gitee.com/openharmony/startup_syspara_lite/pulls/238> |
participants (1)
-
Zhangadong (zhangadong, OS)