
Dear all,

Following assessment by the community Release SIG, QA SIG and CICD SIG, the openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS update versions meet the release exit quality criteria and are hereby announced for release.

This announcement has five parts:

1. openEuler-20.03-LTS-SP1 Update 20230201 release status and defects pending fix
2. openEuler-20.03-LTS-SP3 Update 20230201 release status and defects pending fix
3. openEuler-22.03-LTS Update 20230201 release status and defects pending fix
4. List of CVEs pending fix in openEuler key components
5. openEuler community guidance documents and open platform links

After this update release, the next version milestone (expected on 2023/02/07) will provide the update_20230203 version.

openEuler-20.03-LTS-SP1 Update 20230201

Thanks to contributions from the SIGs and community developers, this week openEuler-20.03-LTS-SP1 fixed 2 known issues and 17 known vulnerabilities. 39 defects remain to be fixed on the version branch. See the lists for defect/vulnerability statistics, and each package's source repository for the defect/vulnerability issues.

openEuler-20.03-LTS-SP1 Update version CVE fix and Bugfix list announcement link:
https://gitee.com/openeuler/release-management/issues/I6BKWV?from=project-is...

CVE fixes:

| CVE | Repository | Score |
|---|---|---|
| CVE-2023-24056 | pkgconf | 9.8 |
| CVE-2023-22809 | sudo | 7.8 |
| CVE-2023-0288 | vim | 7.8 |
| CVE-2022-47024 | vim | 7.8 |
| CVE-2022-41953 | git | 7.8 |
| CVE-2022-48281 | libtiff | 7.5 |
| CVE-2022-38023 | samba | 8.1 |
| CVE-2022-47021 | opusfile | 7.8 |
| CVE-2022-42890 | batik | 7.5 |
| CVE-2022-42252 | tomcat | 7.5 |
| CVE-2022-41704 | batik | 7.5 |
| CVE-2023-23455 | kernel | 5.5 |
| CVE-2023-23454 | kernel | 7.8 |
| CVE-2023-0047 | kernel | 5.1 |
| CVE-2022-47929 | kernel | 5.5 |
| CVE-2020-10775 | ovirt-engine | 5.3 |
| CVE-2021-3930 | qemu | 6.5 |

Bugfix:

| Issue | Repository |
|---|---|
| #I6AXHU: Backport mainline bugfix patches to 4.19 | kernel |
| #I5UNVT: Routine patch analysis and backport for the open source package libbpf | libbpf |

openEuler-20.03-LTS-SP1 build information links:
https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP1
https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP1:Epol

openEuler-20.03-LTS-SP1 Update version release source links:
https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/
https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update/

openEuler CVE and security advisory links:
https://www.openeuler.org/zh/security/cve/
https://www.openeuler.org/zh/security/safety-bulletin/
https://repo.openeuler.org/security/data/cvrf/

openEuler-20.03-LTS-SP1 Update version list of issues pending fix:

| Task ID | Task title | Associated repository | SIG |
|---|---|---|---|
| I281C1 | [fuzz] runtime error: | libsass | Base-service |
| I437CR | [SP1][arm/x86] Errors occur when starting and stopping 11 services in the obs-server package | obs-server | Others |
| I43OSX | [clamav] Running the clamscan --statistics pcre command produces an error, but the final return code is 0 | clamav | Others |
| I490MU | Uncaught exception in get_tokens_unprocessed | python-pygments | Programming-language |
| I4F8YQ | integer overflow in start_input_bmp | libjpeg-turbo | Desktop |
| I4F8ZI | heap-buffer-overflow in get_word_rgb_row | libjpeg-turbo | Desktop |
| I4F903 | Unexpect-exit in start_input_tga | libjpeg-turbo | Desktop |
| I4F913 | Timeout in tjDecompress2 | libjpeg-turbo | Desktop |
| I4G4A5 | Undefine-shift in _bfd_safe_read_leb128 | binutils | Base-service |
| I4G4B1 | Integer overflow in print_vms_time | binutils | Base-service |
| I4G4VY | memleak in parse_gnu_debugaltlink | binutils | Base-service |
| I4G4WF | Heap-buffer-overflow in slurp_hppa_unwind_table | binutils | Base-service |
| I4G4WW | Use-after-free in make_qualified_name | binutils | Base-service |
| I4G4X6 | memleak in byte_get_little_endian | binutils | Base-service |
| I4G4XF | memleak in process_mips_specific | binutils | Base-service |
| I4G4Y0 | out-of-memory in vms_lib_read_index | binutils | Base-service |
| I4G4YJ | Heap-buffer-overflow in bfd_getl16 | binutils | Base-service |
| I4G4YV | Floating point exception in _bfd_vms_slurp_etir | binutils | Base-service |
| I4J0OY | [20.03 SP1][arm/x86] After installing libdap, the -i and -k options of the getdap4 command behave abnormally | libdap | sig-recycle |
| I4K6ES | stack-buffer-overflow in UINT32_Marshal | libtpms | sig-security-facility |
| I4K6FU | global-buffer-overflow in Array_Marshal | libtpms | sig-security-facility |
| I4K6R7 | memleak in wrap_nettle_mpi_init | gnutls | sig-security-facility |
| I4K6UI | Timeout in _asn1_find_up | gnutls | sig-security-facility |
| I4KT2A | integer overflow in luaV_execute | lua | Base-service |
| I4KT3D | integer overflow in intarith | lua | Base-service |
| I4KT3Q | Division by zero in luaV_execute | lua | Base-service |
| I4KT40 | Timeout in luaV_finishget | lua | Base-service |
| I4O16Z | [SP1_update/arm] Installing kernel-4.19.90-2108 shows an error message | kernel | Kernel |
| I4QV6N | [openEuler-20.03-LTS-SP1] flink command fails to execute | flink | sig-ai-bigdata |
| I5IG1V | [20.03-SP1][x86/arm] Installing the efl and efl-devel packages from the EPOL repository fails: GPG check failed | efl | sig-compat-winapp |
| I5IG6K | [20.03-SP1][x86/arm] Installing the opencryptoki and opencryptoki-devel packages from the EPOL repository fails: GPG check failed | opencryptoki | dev-utils |
| I6975Y | [arm] Building gcc with --enable-bootstrap fails | gcc | Compiler |
| I6AA06 | [20.03-LTS-SP1-update-0111][arm/x86] Running sosreport -a reports "TypeError: 'NoneType' object is not iterable" | sos | Base-service |
| I6AASB | [arm][codedb] Compiling AmberTools with -O3 -fipa-struct-reorg=2 gives ICE: lto1: internal compiler error: rewrite failed for realloc | gcc | Compiler |
| I6AZZU | [arm][codedb] -O3 -fipa-struct-reorg=3: running the bcftools application gives Segmentation fault (core dumped) | gcc | Compiler |

openEuler-20.03-LTS-SP3 Update 20230201

Thanks to contributions from the SIGs and community developers, this week openEuler-20.03-LTS-SP3 fixed 2 known issues and 16 known vulnerabilities. 11 defects remain to be fixed on the version branch. See the lists for defect/vulnerability statistics, and each package's source repository for the defect/vulnerability issues.

openEuler-20.03-LTS-SP3 Update version CVE fix and Bugfix list announcement link:
https://gitee.com/openeuler/release-management/issues/I64IWS?from=project-is...

CVE fixes:

| Requirement type | Package | Priority |
|---|---|---|
| CVE-2023-24056 | pkgconf | 9.8 |
| CVE-2023-22809 | sudo | 7.8 |
| CVE-2023-0288 | vim | 7.8 |
| CVE-2022-47024 | vim | 7.8 |
| CVE-2022-41953 | git | 7.8 |
| CVE-2022-48281 | libtiff | 7.5 |
| CVE-2022-38023 | samba | 8.1 |
| CVE-2022-47021 | opusfile | 7.8 |
| CVE-2022-42890 | batik | 7.5 |
| CVE-2022-42252 | tomcat | 7.5 |
| CVE-2022-41704 | batik | 7.5 |
| CVE-2023-23455 | kernel | 5.5 |
| CVE-2023-23454 | kernel | 7.8 |
| CVE-2023-0047 | kernel | 5.1 |
| CVE-2022-47929 | kernel | 5.5 |
| CVE-2021-3930 | qemu | 6.5 |

Bugfix:

| Issue | Repository | Status | Responsible area |
|---|---|---|---|
| #I6AXHU: Backport mainline bugfix patches to 4.19 | kernel | Completed | Kernel |
| #I5UNVT: Routine patch analysis and backport for the open source package libbpf | libbpf | Completed | EulerOS-Network |

openEuler-20.03-LTS-SP3 build information links:
https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP3
https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP3:Epol

openEuler-20.03-LTS-SP3 Update version release source links:
https://repo.openeuler.org/openEuler-20.03-LTS-SP3/update/
https://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/update/main/

openEuler CVE and security advisory links:
https://www.openeuler.org/zh/security/cve/
https://www.openeuler.org/zh/security/safety-bulletin/
https://repo.openeuler.org/security/data/cvrf/

openEuler-20.03-LTS-SP3 Update version list of issues pending fix:

| Task ID | Task title | Associated repository | SIG |
|---|---|---|---|
| I4QV7S | [openEuler-20.03-LTS-SP3] flink run command fails to execute | flink | sig-ai-bigdata |
| I4UMEV | [openEuler 20.03-LTS SP3] After crash_kexec_post_notifiers is enabled on openEuler, the panic notifier chain cannot be fully traversed | kernel | Kernel |
| I5IGAS | [20.03-SP3][x86/arm] Installing the opencryptoki and opencryptoki-devel packages from the EPOL repository fails: GPG check failed | opencryptoki | dev-utils |
| I5IGOR | [20.03-SP3][x86/arm] Installing the fluidsynth, fluidsynth-devel and fluidsynth-help packages from the EPOL repository fails: GPG check failed | fluidsynth | Application |
| I613DI | [20.03 SP3] When the current latest versions of the three packages kernel, oec-hardware and openEuler-release are installed together, the virtual machine fails to boot | openEuler-release | Base-service |
| I61LEV | [20.03 LTS SP3][arm/x86] After installing oscilloscope, running oscilloscope -h reports an error | tuna | Others |
| I66BBJ | [20.03-LTS-SP3] The /etc/yum.repos.d/openEuler.repo file has no update source repository by default | openEuler-repos | Base-service |
| I66J22 | [20.03-LTS-SP3][arm/x86] Installing the openvswitch-ipsec package fails with a conflict | openvswitch | Networking |
| I66J48 | [20.03-LTS-SP3][arm/x86] ovn-controller.service fails to start | openvswitch | Networking |
| I66J58 | [20.03-LTS-SP3][arm/x86] ovn-northd.service fails to start | openvswitch | Networking |
| I66J5V | [20.03-LTS-SP3][arm/x86] ovn-controller-vtep.service fails to start | openvswitch | Networking |

openEuler-22.03-LTS Update 20230201

Thanks to contributions from the SIGs and community developers, this week openEuler-22.03-LTS fixed 8 known issues and 21 known vulnerabilities. 3 defects remain to be fixed on the version branch. See the lists for defect/vulnerability statistics, and each package's source repository for the defect/vulnerability issues.

openEuler-22.03-LTS Update version CVE fix and Bugfix list announcement link:
https://gitee.com/openeuler/release-management/issues/I64IWT?from=project-is...

CVE fixes:

| CVE | Repository | Score |
|---|---|---|
| CVE-2022-47024 | vim | 7.8 |
| CVE-2023-0288 | vim | 7.8 |
| CVE-2023-22809 | sudo | 7.8 |
| CVE-2023-24056 | pkgconf | 9.8 |
| CVE-2022-41953 | git | 7.8 |
| CVE-2022-38023 | samba | 8.1 |
| CVE-2022-48281 | libtiff | 7.5 |
| CVE-2022-42252 | tomcat | 7.5 |
| CVE-2022-47021 | opusfile | 7.8 |
| CVE-2022-41704 | batik | 7.5 |
| CVE-2022-42890 | batik | 7.5 |
| CVE-2021-36690 | sqlite | 7.5 |
| CVE-2022-4696 | kernel | 7.8 |
| CVE-2022-47929 | kernel | 5.5 |
| CVE-2023-0179 | kernel | 1 |
| CVE-2023-0210 | kernel | 5.9 |
| CVE-2023-20928 | kernel | 7.5 |
| CVE-2023-23454 | kernel | 7.8 |
| CVE-2023-23455 | kernel | 5.5 |
| CVE-2023-23559 | kernel | 7.8 |
| CVE-2020-10775 | ovirt-engine | 5.3 |

Bugfix:

| Issue | Repository |
|---|---|
| #I6CA2Y: update_20230201: fix the missing sysprof-capture-static install dependency when installing glib2-static | sysprof |
| #I6CA6S: update-20230201-add loongarch support for ceph | ceph |
| #I6AYYO: PR373: the SPEC removed a patch, but the patch file was not deleted | systemd |
| #I6C4QA: [X86/ARM][SDV-All-libxml2 patch analysis] Number of patches: 4 | libxml2 |
| #I6C2MC: Building a project with gradle reports: Javac compiler message file broken: key=compiler.misc.msg.bug arguments | openjdk-11 |
| #I6BCMV: [openEuler:Mainline] OBS build fails | A-Tune |
| #I6AW65: [backport] mm/vmpressure: fix data-race with memcg->socket_pressure | kernel |
| #I5UNVT: Routine patch analysis and backport for the open source package libbpf | libbpf |

openEuler-22.03-LTS build information links:
https://build.openeuler.org/project/show/openEuler:22.03:LTS
https://build.openeuler.org/project/show/openEuler:22.03:LTS:Epol

openEuler-22.03-LTS Update version release source links:
https://repo.openeuler.org/openEuler-22.03-LTS/update/
https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/main/
https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope...
https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope...

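openEuler-22.03-LTS Update version list of issues pending fix:

| Task ID | Task title | Associated repository | SIG |
|---|---|---|---|
| I5Q4S3 | [22.03-LTS] Unloading the qxl module on an x86 virtual machine causes the machine to reboot automatically | kernel | Kernel |
| I665SM | resize2fs reports csum inconsistency | kernel | Kernel |
| I66BDE | [22.03-LTS] The /etc/yum.repos.d/openEuler.repo file has no update source repository by default | openEuler-repos | Base-service |

Community vulnerabilities pending fix:

The openEuler community applies a differentiated fix policy according to vulnerability severity. All SIGs are asked to track the fix status of components affected by CVEs.

| Severity rating | Time allowed for fix |
|---|---|
| Critical | 7 days |
| High | 14 days |
| Medium | 30 days |
| Low | 30 days |

Reference (community Security Committee, vulnerabilities): https://gitee.com/openeuler/security-committee/wikis/%E7%A4%BE%E5%8C%BA%E6%B...

CVEs that will exceed their deadline within the next 14 days:

| CVE ID | Issue ID | Days remaining | CVSS score | Package | Responsible SIG |
|---|---|---|---|---|---|
| CVE-2023-23454 | I6AQIL | 3.56 | 7.8 | kernel | Kernel |
| CVE-2022-0553 | I6A0G8 | 7.77 | 4.6 | zephyr | |
| CVE-2023-0210 | I6A0GV | 7.77 | 0.0 | risc-v-kernel | sig-RISC-V |
| CVE-2022-47015 | I6BCFO | 8.73 | 7.5 | mariadb | DB |
| CVE-2022-47016 | I6BCFM | 8.73 | 7.8 | tmux | Desktop |
| CVE-2023-0433 | I6BU72 | 11.35 | 7.8 | vim | Base-service |
| CVE-2023-0047 | I68UPT | 1.14 | 0.0 | risc-v-kernel | sig-RISC-V |
| CVE-2023-0047 | I68UPT | 1.14 | 0.0 | risc-v-kernel | sig-RISC-V |
| CVE-2022-47952 | I68C10 | 12.47 | 3.3 | lxc | iSulad |
| CVE-2022-41717 | I6ANT9 | 12.53 | 5.3 | golang | sig-golang |
| CVE-2023-0179 | I6AOP8 | 12.59 | 0.0 | kernel | Kernel |
| CVE-2023-0266 | I6AOWP | 12.62 | 0.0 | kernel | Kernel |
| CVE-2023-23455 | I6AQG9 | 12.76 | 5.5 | kernel | Kernel |
| CVE-2023-22458 | I6ATA3 | 13.38 | 0.0 | redis6 | sig-bigdata |
| CVE-2022-35977 | I6ATA2 | 13.38 | 0.0 | redis6 | sig-bigdata |
| CVE-2023-22458 | I6ATA1 | 13.38 | 0.0 | redis5 | sig-bigdata |
| CVE-2022-35977 | I6ATA0 | 13.38 | 0.0 | redis5 | sig-bigdata |
| CVE-2022-47630 | I6AVW5 | 13.74 | 3.5 | arm-trusted-firmware | Base-service |

openEuler community guidance documents and open platform links:

openEuler version branch maintenance specification:
https://gitee.com/openeuler/release-management/blob/master/openEuler%E7%89%8...

openEuler release-management version branch PR guide:
https://gitee.com/openeuler/release-management/blob/master/openEuler%E5%BC%8...

Community QA version test issue-filing specification:
https://gitee.com/openeuler/QA/blob/839f952696f271f83c018ccf3218cf493b92d651...
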
Community QA test platform radiatest:
https://radiatest.openeuler.org

沐钰莹 (openEuler release SIG)
E-mail: muyuying1@huawei.com