OpenHarmony Security Bulletin, June 2023 / Security Vulnerabilities in June 2023

Security vulnerabilities in June 2023
Published 2023.06.02, last updated 2023.06.02

The following are third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, refer to the third-party advisories.

| CVE | Severity | CVSS 3.1 score | Affected OpenHarmony versions | Fix links |
| --- | --- | --- | --- | --- |
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_libxml2/pulls/44 ; 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_libxml2/pulls/44 ; 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/45 ; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/46 |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_libxml2/pulls/44 ; 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/45 ; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/46 |

The following are the security patch labels for each maintenance version. When merging the corresponding security patches, please also update the security patch label.

| Security patch label | Links |
| --- | --- |
| June 2023 | [3.2.x] https://gitee.com/openharmony/startup_init/pulls/2020 ; [3.1.x] https://gitee.com/openharmony/startup_syspara_lite/pulls/239 ; [3.1.x] https://gitee.com/openharmony/startup_init/pulls/2007 ; [3.0.x] https://gitee.com/openharmony/startup_syspara_lite/pulls/238 |

Security Vulnerabilities in June 2023
Published June 2, 2023; updated June 2, 2023

The following table lists the third-party library vulnerabilities, with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | CVSS 3.1 | Affected OpenHarmony versions | Fix links |
| --- | --- | --- | --- | --- |
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_curl/pulls/128 ; 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/130 ; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/131 |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_libxml2/pulls/44 ; 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/45 ; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/46 |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_libxml2/pulls/44 ; 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/45 ; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/46 |

The following are the security patch labels for each maintenance version. Please update the security patch labels while incorporating the corresponding security patches.

| Security patch label | Fix links |
| --- | --- |
| June 2023 | [3.2.x] https://gitee.com/openharmony/startup_init/pulls/2020 ; [3.1.x] https://gitee.com/openharmony/startup_syspara_lite/pulls/239 ; [3.1.x] https://gitee.com/openharmony/startup_init/pulls/2007 ; [3.0.x] https://gitee.com/openharmony/startup_syspara_lite/pulls/238 |
Participants (1): Zhangadong (zhangadong, OS)