openEuler update_20230830版本发布公告
2 Sep
2023
2 Sep
'23
10:39 p.m.
Dear all,
经社区Release SIG、QA SIG及 CICD SIG 评估,openEuler-20.03-LTS-SP1、openEuler-20.03-LTS-SP3、openEuler-22.03-LTS、openEuler-22.03-LTS-SP1及openEuler-22.03-LTS-SP2 update版本满足版本出口质量,现进行发布公示。
本公示分为七部分:
1、openEuler-20.03-LTS-SP1 Update 20230830发布情况及待修复缺陷
2、openEuler-20.03-LTS-SP3 Update 20230830发布情况及待修复缺陷
3、openEuler-22.03-LTS Update 20230830发布情况及待修复缺陷
4、openEuler-22.03-LTS-SP1 Update 20230830发布情况及待修复缺陷
5、openEuler-22.03-LTS-SP2 Update 20230830发布情况(包含热补丁)及待修复缺陷
6、openEuler 关键组件待修复CVE 清单
7、openEuler 社区指导文档及开放平台链接
本次update版本发布后,下一个版本里程碑点(预计在2023/09/09)提供 update_20230906
openEuler-20.03-LTS-SP1 Update 20230830
经各SIG及社区开发者贡献,本周openEuler-20.03-LTS-SP1修复版本已知问题1个,已知漏洞39个。目前版本分支剩余待修复缺陷20个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库
openEuler-20.03-LTS-SP1 Update版本CVE修复
CVE修复:
CVE | 仓库 | score |
CVE-2022-48174 | busybox | 9.8 |
CVE-2020-22219 | flac | 9.8 |
CVE-2021-32292 | json-c | 9.8 |
CVE-2023-32002 | nodejs | 9.8 |
CVE-2023-32006 | nodejs | 8.8 |
CVE-2022-32212 | nodejs | 8.1 |
CVE-2023-40283 | kernel | 7.8 |
CVE-2023-40305 | indent | 7.8 |
CVE-2023-20197 | clamav | 7.5 |
CVE-2020-23804 | poppler | 7.5 |
CVE-2021-46174 | binutils | 7.5 |
CVE-2022-25881 | nodejs | 7.5 |
CVE-2023-23918 | nodejs | 7.5 |
CVE-2023-30589 | nodejs | 7.5 |
CVE-2023-30581 | nodejs | 7.5 |
CVE-2023-32559 | nodejs | 7.5 |
CVE-2022-37051 | poppler | 6.5 |
CVE-2022-37050 | poppler | 6.5 |
CVE-2022-37052 | poppler | 6.5 |
CVE-2022-38349 | poppler | 6.5 |
CVE-2023-38711 | libreswan | 6.5 |
CVE-2023-38710 | libreswan | 6.5 |
CVE-2023-38712 | libreswan | 6.5 |
CVE-2022-32213 | nodejs | 6.5 |
CVE-2022-32215 | nodejs | 6.5 |
CVE-2022-32214 | nodejs | 6.5 |
CVE-2022-35256 | nodejs | 6.5 |
CVE-2022-47008 | binutils | 6 |
CVE-2023-1206 | kernel | 5.7 |
CVE-2022-48554 | file | 5.5 |
CVE-2022-47011 | binutils | 5.5 |
CVE-2023-4194 | kernel | 5.5 |
CVE-2023-34319 | kernel | 5.5 |
CVE-2023-4385 | kernel | 5.5 |
CVE-2023-4459 | kernel | 5.5 |
CVE-2023-38633 | librsvg2 | 5.5 |
CVE-2023-30590 | nodejs | 5.3 |
CVE-2023-23920 | nodejs | 4.2 |
CVE-2023-4156 | gawk | 3.3 |
Bugfix:
issue | 仓库 |
#I7DX6V:海光2&3号服务器虚拟机拓扑结构与配置不一致 | kernel |
openEuler-20.03-LTS-SP1版本编译构建信息查询链接:
openEuler-20.03-LTS-SP1 Update版本
openEuler CVE 及安全公告公示链接:
openEuler-20.03-LTS-SP1 Update版本待修复问题清单公示(任务ID标注红色的问题单优先级高):
里程碑 | 任务ID | 任务标题 | 优先级 | sig组 | 关联仓库 |
openEuler 20.03-LTS-SP1 | I4J0OY | 【20.03 SP1】【arm/x86】安装好libdap后,getdap4命令的-i和-k参数使用异常 | 主要 | sig/sig-recycle | libdap |
openEuler 20.03-LTS-SP1 | I4JMG4 | 【20.03 SP1】【arm/x86】robotframework包的三个命令:libdoc、rebot、robot执行--help/-h/-?/--version,查看帮助信息和版本信息,返回值为251 | 主要 | sig/sig-ROS | python-robotframework |
openEuler 20.03-LTS-SP1 | I5DLX7 | [20.03 22.03] 管理员指南操作文档mysql服务搭建指导文档有误 | 主要 | sig/doc | docs |
openEuler 20.03LTS SP1 update2103 | I3E5C1 | 【20.03-SP1】【arm/x86】服务启动失败 | 主要 | sig/bigdata | hadoop |
openEuler 20.03LTS SP1 update210901 | I48GIM | 【20.03LTS SP1 update 210901】ovirt-cockpit-sso.service服务启动失败 | 主要 | sig/oVirt | ovirt-cockpit-sso |
openEuler 20.03-LTS-SP1 | I6VFAE | [20.03 SP1] [x86/arm] mariadb授权给远程用户,远程连接服务失败 | 次要 | sig/DB | mariadb |
openEuler 20.03-LTS-SP1 | I4G4A5 | Undefine-shift in _bfd_safe_read_leb128 | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4B1 | Integer overflow in print_vms_time | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4VY | memleak in parse_gnu_debugaltlink | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4WF | Heap-buffer-overflow in slurp_hppa_unwind_table | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4WW | Use-after-free in make_qualified_name | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4X6 | memleak in byte_get_little_endian | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4XF | memleak in process_mips_specific | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4Y0 | out-of-memory in vms_lib_read_index | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4YJ | Heap-buffer-overflow in bfd_getl16 | 无优先级 | sig/Base-service | binutils |
openEuler 20.03-LTS-SP1 | I4G4YV | Floating point exception in _bfd_vms_slurp_etir | 无优先级 | sig/Base-service | binutils |
openEuler 20.03LTS SP1 update210926 | I4CMSV | 【20.03-LTS-SP1】【arm/x86】搭建Kubernetes 集群缺少包etcd | 无优先级 | sig/TC | community |
openEuler 20.03LTS SP1 update220111 | I4QV6N | 【openEuler-20.03-LTS-SP1】flink命令执行失败 | 无优先级 | sig/sig-ai-bigdata | flink |
openEuler-20.03-LTS-SP1 | I3QGU7 | 系统不支持GB18030 | 无优先级 | sig/TC | community |
openEuler-20.03-LTS-SP1-dailybuild | I5Y99T | mate-desktop install problem in openEuler:20:03:LTS:SP1 | 无优先级 | sig/sig-mate-desktop | mate-desktop |
openEuler-20.03-LTS-SP3 Update 20230830
经各SIG及社区开发者贡献,本周openEuler-20.03-LTS-SP3修复版本已知问1个,已知漏洞34个。目前版本分支剩余待修复缺陷 7个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库
openEuler-20.03-LTS-SP3 Update版本CVE修复
CVE修复:
CVE | 仓库 | score |
CVE-2022-48174 | busybox | 9.8 |
CVE-2021-32292 | json-c | 9.8 |
CVE-2020-22219 | flac | 9.8 |
CVE-2023-32002 | nodejs | 9.8 |
CVE-2023-32006 | nodejs | 8.8 |
CVE-2022-32212 | nodejs | 8.1 |
CVE-2023-40283 | kernel | 7.8 |
CVE-2023-40305 | indent | 7.8 |
CVE-2023-20197 | clamav | 7.5 |
CVE-2021-46174 | binutils | 7.5 |
CVE-2022-25881 | nodejs | 7.5 |
CVE-2023-23918 | nodejs | 7.5 |
CVE-2023-30589 | nodejs | 7.5 |
CVE-2023-30581 | nodejs | 7.5 |
CVE-2023-32559 | nodejs | 7.5 |
CVE-2023-38711 | libreswan | 6.5 |
CVE-2023-38710 | libreswan | 6.5 |
CVE-2023-38712 | libreswan | 6.5 |
CVE-2022-32213 | nodejs | 6.5 |
CVE-2022-32215 | nodejs | 6.5 |
CVE-2022-32214 | nodejs | 6.5 |
CVE-2022-35256 | nodejs | 6.5 |
CVE-2022-47008 | binutils | 6 |
CVE-2023-1206 | kernel | 5.7 |
CVE-2022-48554 | file | 5.5 |
CVE-2022-47011 | binutils | 5.5 |
CVE-2023-4194 | kernel | 5.5 |
CVE-2023-34319 | kernel | 5.5 |
CVE-2023-4385 | kernel | 5.5 |
CVE-2023-4459 | kernel | 5.5 |
CVE-2023-38633 | librsvg2 | 5.5 |
CVE-2023-30590 | nodejs | 5.3 |
CVE-2023-23920 | nodejs | 4.2 |
CVE-2023-4156 | gawk | 3.3 |
Bugfix:
issue | 仓库 |
#I7DX6V:海光2&3号服务器虚拟机拓扑结构与配置不一致 | kernel |
openEuler-20.03-LTS-SP3版本编译构建信息查询链接:
openEuler-20.03-LTS-SP3 Update版本
openEuler CVE及安全公告公示链接:
openEuler-20.03-LTS-SP3 Update版本待修复问题清单公示(任务ID标注红色的问题单优先级高):
里程碑 | 任务ID | 任务标题 | 优先级 | sig组 | 关联仓库 |
openEuler 20.03 LTS SP3 update20220801 | I5LYJK | 【20.03-sp3_update20220801】【x86】对内核版进行升级后,TCP_option_address安装异常 | 主要 | sig/Kernel | TCP_option_address |
openEuler 20.03-LTS-SP3 | I5KXUY | 【20.03 LTS SP3 update 20220803】【arm/x86】ovirt-cockpit-sso.service服务启动失败 | 主要 | sig/oVirt | ovirt-cockpit-sso |
openEuler-20.03-LTS-SP3 | I5KY4S | 【20.03 LTS SP3 update 20220803】【arm/x86】vdsmd.service服务启动失败,导致mom-vdsm.service服务无法启动成功 | 主要 | sig/oVirt | vdsm |
openEuler-20.03-LTS-SP3 | I72EAT | 【20.03 SP3】php相关包在20.03 LTS SP3降级失败 | 主要 | sig/Base-service | php |
openEuler 20.03LTS SP3 update220111 | I4QV7S | 【openEuler-20.03-LTS-SP3】flink run 命令执行失败 | 无优先级 | sig/sig-ai-bigdata | flink |
openEuler-20.03-LTS-SP3 | I6VFMI | [20.03 SP3] [x86/arm] mariadb授权给远程用户,远程连接服务失败 | 次要 | sig/DB | mariadb |
openEuler-20.03-LTS-SP3 | I72HWV | 【20.03-lts-sp3】x86环境上同时安装php-fpm软件包和php-opcache软件包后会导致php-fpm.service服务启动失败 | 次要 | sig/Base-service | php |
openEuler-22.03-LTS Update 20230830
经各SIG及社区开发者贡献,本周openEuler-22.03-LTS修复版本已知问题1个,已知漏洞44个。目前版本分支剩余待修复缺陷3个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库
openEuler-22.03-LTS Update版本CVE修复
CVE修复:
CVE | 仓库 | score |
CVE-2022-48174 | busybox | 9.8 |
CVE-2020-22219 | flac | 9.8 |
CVE-2021-32292 | json-c | 9.8 |
CVE-2023-32002 | nodejs | 9.8 |
CVE-2023-38432 | kernel | 9.1 |
CVE-2023-39417 | postgresql | 8.8 |
CVE-2023-32006 | nodejs | 8.8 |
CVE-2023-39417 | libpq | 8.8 |
CVE-2022-32212 | nodejs | 8.1 |
CVE-2023-40305 | indent | 7.8 |
CVE-2023-40283 | kernel | 7.8 |
CVE-2023-20197 | clamav | 7.5 |
CVE-2021-46174 | binutils | 7.5 |
CVE-2022-25881 | nodejs | 7.5 |
CVE-2023-23918 | nodejs | 7.5 |
CVE-2023-30589 | nodejs | 7.5 |
CVE-2023-30581 | nodejs | 7.5 |
CVE-2023-32559 | nodejs | 7.5 |
CVE-2020-21469 | libpq | 7.5 |
CVE-2023-3867 | kernel | 7.3 |
CVE-2023-2454 | libpq | 7.2 |
CVE-2023-4389 | kernel | 7.1 |
CVE-2023-38711 | libreswan | 6.5 |
CVE-2023-38710 | libreswan | 6.5 |
CVE-2023-38712 | libreswan | 6.5 |
CVE-2022-32213 | nodejs | 6.5 |
CVE-2022-32215 | nodejs | 6.5 |
CVE-2022-32214 | nodejs | 6.5 |
CVE-2022-35256 | nodejs | 6.5 |
CVE-2022-48522 | perl | 6.3 |
CVE-2022-47008 | binutils | 6 |
CVE-2023-1206 | kernel | 5.7 |
CVE-2022-48554 | file | 5.5 |
CVE-2023-4194 | kernel | 5.5 |
CVE-2023-34319 | kernel | 5.5 |
CVE-2022-47011 | binutils | 5.5 |
CVE-2023-20593 | kernel | 5.5 |
CVE-2022-31628 | php | 5.5 |
CVE-2023-38633 | librsvg2 | 5.5 |
CVE-2023-2455 | libpq | 5.4 |
CVE-2023-30590 | nodejs | 5.3 |
CVE-2023-39418 | libpq | 4.3 |
CVE-2023-23920 | nodejs | 4.2 |
CVE-2023-4156 | gawk | 3.3 |
Bugfix:
issue | 仓库 |
#I7T755:【OLK-5.10】 KASAN: use-after-free Read in sock_xmit | kernel |
openEuler-22.03-LTS版本编译构建信息查询链接:
openEuler-22.03-LTS Update版本
openEuler CVE 及
openEuler-22.03-LTS Update版本待修复问题清单公示(任务ID标注红色的问题单优先级高):
里程碑 | 任务ID | 任务标题 | 优先级 | sig组 | 关联仓库 |
openEuler-22.03-LTS | I6VFRX | [22.03-LTS][x86/arm]mariadb授权给远程用户,远程连接服务失败 | 次要 | sig/DB | mariadb |
openEuler-22.03-LTS | I72N5G | 【22.03-lts】x86环境上同时安装php-fpm软件包和php-opcache软件包后会导致php-fpm.service服务启动失败 | 次要 | sig/Base-service | php |
openEuler-22.03-LTS update20230726 | I7ORCE | 【arm\x86】selinux-policy-base的版本不符合ceph子包的安装条件,ceph子包安装失败; cephadm卸载有异常打印 | 主要 | sig/SDS | ceph |
openEuler-22.03-LTS-SP1 Update 20230830
经各SIG及社区开发者贡献,本周openEuler-22.03-LTS-SP1修复版本已知问题1个,已知漏洞53个。目前版本分支剩余待修复缺陷9个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库
openEuler-22.03-LTS SP1 Update版本CVE修复
CVE修复:
CVE | 仓库 | score |
CVE-2022-47022 | hwloc | 9.8 |
CVE-2022-48174 | busybox | 9.8 |
CVE-2020-22219 | flac | 9.8 |
CVE-2023-32002 | nodejs | 9.8 |
CVE-2023-38432 | kernel | 9.1 |
CVE-2023-39417 | postgresql | 8.8 |
CVE-2023-32006 | nodejs | 8.8 |
CVE-2023-39417 | libpq | 8.8 |
CVE-2022-32212 | nodejs | 8.1 |
CVE-2023-40305 | indent | 7.8 |
CVE-2023-40283 | kernel | 7.8 |
CVE-2023-20197 | clamav | 7.5 |
CVE-2020-23804 | poppler | 7.5 |
CVE-2021-46174 | binutils | 7.5 |
CVE-2022-25881 | nodejs | 7.5 |
CVE-2023-23918 | nodejs | 7.5 |
CVE-2023-30589 | nodejs | 7.5 |
CVE-2023-30581 | nodejs | 7.5 |
CVE-2023-32559 | nodejs | 7.5 |
CVE-2020-21469 | libpq | 7.5 |
CVE-2023-3867 | kernel | 7.3 |
CVE-2023-2454 | libpq | 7.2 |
CVE-2022-33196 | microcode_ctl | 6.7 |
CVE-2023-36054 | krb5 | 6.5 |
CVE-2023-38712 | libreswan | 6.5 |
CVE-2023-38710 | libreswan | 6.5 |
CVE-2023-38711 | libreswan | 6.5 |
CVE-2022-40982 | microcode_ctl | 6.5 |
CVE-2023-32573 | qt | 6.5 |
CVE-2022-37051 | poppler | 6.5 |
CVE-2022-37050 | poppler | 6.5 |
CVE-2022-37052 | poppler | 6.5 |
CVE-2022-38349 | poppler | 6.5 |
CVE-2022-32213 | nodejs | 6.5 |
CVE-2022-32215 | nodejs | 6.5 |
CVE-2022-32214 | nodejs | 6.5 |
CVE-2022-35256 | nodejs | 6.5 |
CVE-2022-48522 | perl | 6.3 |
CVE-2022-47008 | binutils | 6 |
CVE-2023-1206 | kernel | 5.7 |
CVE-2022-48554 | file | 5.5 |
CVE-2022-47011 | binutils | 5.5 |
CVE-2023-4194 | kernel | 5.5 |
CVE-2023-34319 | kernel | 5.5 |
CVE-2023-20593 | kernel | 5.5 |
CVE-2023-38633 | librsvg2 | 5.5 |
CVE-2023-2455 | libpq | 5.4 |
CVE-2023-29409 | golang | 5.3 |
CVE-2023-30590 | nodejs | 5.3 |
CVE-2022-38090 | microcode_ctl | 4.4 |
CVE-2023-39418 | libpq | 4.3 |
CVE-2023-23920 | nodejs | 4.2 |
CVE-2023-4156 | gawk | 3.3 |
Bugfix:
issue | 仓库 |
#I7T755:【OLK-5.10】 KASAN: use-after-free Read in sock_xmit | kernel |
openEuler-22.03-LTS SP1版本编译构建信息查询链接:
openEuler-22.03-LTS SP1 Update版本
openEuler CVE 及
openEuler-22.03-LTS-SP1 Update版本待修复问题清单公示(任务ID标注红色的问题单优先级高):
里程碑 | 任务ID | 任务标题 | 优先级 | sig组 | 关联仓库 |
openEuler-22.03-LTS-SP1 | I7LW30 | 【arm】-O3 -flto-partition=one -fipa-struct-reorg -fwhole-program编译ICE:during IPA pass: struct_reorg(in wide_int_to_tree_1, at tree.c:1575) | 主要 | sig/Compiler | gcc |
openEuler-22.03-LTS-SP1 | I7LWCW | 【arm】-O3 -flto-partition=one -fipa-struct-reorg -fwhole-program编译ICE:internal compiler error: Segmentation fault | 主要 | sig/Compiler | gcc |
openEuler-22.03-LTS-SP1 | I7LWK7 | 【arm】-O3 -flto-partition=one -fipa-struct-reorg -fwhole-program编译ICE:during IPA pass: struct_reorg(in get_type_field, at ipa-struct-reorg/ipa-struct-reorg.c:4394) | 主要 | sig/Compiler | gcc |
openEuler-22.03-LTS-SP1 | I7LWO1 | 【arm】-O3 -flto-partition=one -fipa-struct-reorg -fwhole-program编译ICE:during RTL pass: expand(in convert_move, at expr.c:219) | 主要 | sig/Compiler | gcc |
openEuler-22.03-LTS-SP1 | I7LX07 | 【arm】-O3 -flto-partition=one -fipa-struct-reorg -fwhole-program编译ICE:during IPA pass: struct_reorg(in get_type_field, at ipa-struct-reorg/ipa-struct-reorg.c:4379) | 主要 | sig/Compiler | gcc |
openEuler 22.03-SP1 | I6B4V1 | 【22.03 SP1 update 20230118】【arm】libhdfs在arm架构降级失败,x86正常 | 主要 | sig/bigdata | hadoop |
openEuler-22.03-LTS-SP1 | I6VFV6 | [22.03 SP1] [x86/arm] mariadb授权给远程用户,远程连接服务失败 | 次要 | sig/DB | mariadb |
openEuler-22.03-LTS-SP1 | I73CKF | 【22.03-lts-sp1】x86环境上同时安装php-fpm软件包和php-opcache软件包后会导致php-fpm.service服务启动失败 | 次要 | sig/Base-service | php |
openEuler-22.03-LTS-SP1 update20230726 | I7OR2I | 【22.03 LTS SP1 update20230726】【arm\x86】selinux-policy-base的版本不符合ceph子包的安装条件,ceph子包安装失败 | 主要 | sig/SDS | ceph |
openEuler-22.03-LTS-SP2 Update 20230830
经各SIG及社区开发者贡献,本周openEuler-22.03-LTS-SP2修复版本已知问题7个,已知漏洞45个,热补丁1个。目前版本分支剩余待修复缺陷2个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库
openEuler-22.03-LTS-SP2 Update版本CVE修复
CVE修复:
CVE | 仓库 | score |
CVE-2022-47022 | hwloc | 9.8 |
CVE-2022-48174 | busybox | 9.8 |
CVE-2020-22219 | flac | 9.8 |
CVE-2023-32002 | nodejs | 9.8 |
CVE-2023-38432 | kernel | 9.1 |
CVE-2023-39417 | postgresql | 8.8 |
CVE-2023-32006 | nodejs | 8.8 |
CVE-2023-39417 | libpq | 8.8 |
CVE-2022-32212 | nodejs | 8.1 |
CVE-2023-40305 | indent | 7.8 |
CVE-2023-40283 | kernel | 7.8 |
CVE-2021-46174 | binutils | 7.5 |
CVE-2022-25881 | nodejs | 7.5 |
CVE-2023-23918 | nodejs | 7.5 |
CVE-2023-30589 | nodejs | 7.5 |
CVE-2023-30581 | nodejs | 7.5 |
CVE-2023-32559 | nodejs | 7.5 |
CVE-2020-21469 | libpq | 7.5 |
CVE-2023-3867 | kernel | 7.3 |
CVE-2023-2454 | libpq | 7.2 |
CVE-2022-33196 | microcode_ctl | 6.7 |
CVE-2023-38712 | libreswan | 6.5 |
CVE-2023-38710 | libreswan | 6.5 |
CVE-2023-38711 | libreswan | 6.5 |
CVE-2023-36054 | krb5 | 6.5 |
CVE-2023-32573 | qt | 6.5 |
CVE-2022-40982 | microcode_ctl | 6.5 |
CVE-2022-32213 | nodejs | 6.5 |
CVE-2022-32215 | nodejs | 6.5 |
CVE-2022-32214 | nodejs | 6.5 |
CVE-2022-35256 | nodejs | 6.5 |
CVE-2022-48522 | perl | 6.3 |
CVE-2022-47008 | binutils | 6 |
CVE-2023-1206 | kernel | 5.7 |
CVE-2022-48554 | file | 5.5 |
CVE-2022-47011 | binutils | 5.5 |
CVE-2023-4194 | kernel | 5.5 |
CVE-2023-34319 | kernel | 5.5 |
CVE-2023-38633 | librsvg2 | 5.5 |
CVE-2023-2455 | libpq | 5.4 |
CVE-2023-30590 | nodejs | 5.3 |
CVE-2022-38090 | microcode_ctl | 4.4 |
CVE-2023-39418 | libpq | 4.3 |
CVE-2023-23920 | nodejs | 4.2 |
CVE-2023-4156 | gawk | 3.3 |
Bugfix:
issue | 仓库 |
#I7VP5K:同步主线HISI uncore UC PMU和uncore H60PA/PAv3 PMU驱动到OLK-5.10 | kernel |
#I7X29C:【22.03-LTS-SP2】update版本新增kv_store软件包 | distributeddatamgr_kv_store |
#I7X270:【22.03-LTS-SP2】update版本新增datamgr_service软件包 | distributeddatamgr_datamgr_service |
#I7X1KS:【22.03-LTS-SP2】update版本新增data_object的软件包 | distributeddatamgr_data_object |
#I7X243:【22.03-LTS-SP2】update版本新增relational_store软件包 | distributeddatamgr_relational_store |
#I7TJ43:回合bugfix补丁 | A-Tune |
#I7V300:补丁回合 | A-Tune-Collector |
热补丁:
热补丁issue ID | cve | issue ID | 所属仓库 | score |
I7WT55 | CVE-2023-3389 | I7GVI5 | kernel | 7.8 |
openEuler-22.03-LTS SP2版本编译构建信息查询链接:
openEuler-22.03-LTS SP2 Update版本
openEuler CVE 及
openEuler-22.03-LTS-SP2 Update版本待修复问题清单公示(任务ID标注红色的问题单优先级高):
里程碑 | 任务ID | 任务标题 | 优先级 | sig组 | 关联仓库 |
openEuler-22.03-LTS-SP2-round-2 | I795G3 | 【22.03-LTS-SP2 round2】本次转测源中出现多个版本的containers-common | 主要 | sig/sig-CloudNative | skopeo |
openEuler-22.03-LTS-SP2-SEC | I7AFIR | 【22.03-LTS-SP2 round2】【x86/arm】libkae-1.2.10-6.oe2203sp2安全编译选项Rpath/Runpath不满足 | 主要 | sig/sig-AccLib | libkae |
社区待修复漏洞:
openEuler社区根据漏洞严重等级采取差异化的修复策略,请各个SIG 关注涉及CVE组件的修复情况。
严重等级(Severity Rating) | 漏洞修复时长 |
致命(Critical) | 7天 |
高(High) | 14天 |
中(Medium) | 30天 |
低(Low) | 30天 |
近14天将超期CVE(9.2日数据):
漏洞编号 | Issue ID | 剩余天数 | CVSS评分 | 软件包 | 责任SIG |
CVE-2022-48565 | I7V732 | 6.44 | 9.8 | python3 | Base-service |
CVE-2023-39417 | I7SB9T | 1.66 | 8.8 | postgresql | DB |
CVE-2020-24293 | I7V71N | 8.66 | 8.8 | freeimage | dev-utils |
CVE-2020-24292 | I7V70T | 8.66 | 8.8 | freeimage | dev-utils |
CVE-2020-24295 | I7V70O | 8.66 | 8.8 | freeimage | dev-utils |
CVE-2021-40263 | I7V70Z | 10.1 | 8.8 | freeimage | dev-utils |
CVE-2022-46884 | I7VS3B | 10.44 | 8.8 | firefox | Application |
CVE-2020-24165 | I7WY1L | 13.44 | 8.8 | qemu | Virt |
CVE-2022-46751 | I7UK86 | 12.44 | 8.2 | apache-ivy | sig-Java |
CVE-2022-48566 | I7V71W | 13.44 | 8.1 | python3 | Base-service |
CVE-2023-40315 | I7U431 | 5.13 | 8 | openstack-horizon | sig-openstack |
CVE-2020-21426 | I7V71R | 8.66 | 7.8 | freeimage | dev-utils |
CVE-2022-47069 | I7V6ZI | 8.66 | 7.8 | p7zip | dev-utils |
CVE-2020-21428 | I7V6ZB | 8.66 | 7.8 | freeimage | dev-utils |
CVE-2023-40590 | I7WN52 | 10.1 | 7.8 | python-GitPython | sig-python-modules |
CVE-2023-40577 | I7VTBW | 5.71 | 7.5 | alertmanager | sig-CloudNative |
CVE-2023-37369 | I7VV7A | 5.77 | 7.5 | qt | Runtime |
CVE-2022-48571 | I7V73M | 8.66 | 7.5 | memcached | Application |
CVE-2022-48541 | I7V72B | 8.66 | 7.5 | ImageMagick | Others |
CVE-2020-22570 | I7V70D | 8.66 | 7.5 | memcached | Application |
CVE-2020-21469 | I7V6ZE | 8.66 | 7.5 | postgresql | DB |
CVE-2023-37369 | I7P5OT | 8.66 | 7.5 | qt5-qtbase | Programming-language |
CVE-2021-34193 | I7WN56 | 10.1 | 7.5 | opensc | Base-service |
CVE-2023-20588 | I7WY4J | 10.44 | 7.5 | kernel | Kernel |
CVE-2022-34038 | I7V70G | 11.44 | 7.5 | etcd | sig-CloudNative |
CVE-2022-40433 | I7V738 | 11.85 | 7.5 | openjdk-11 | Compiler |
CVE-2022-43357 | I7V72K | 12.44 | 7.5 | sassc | Others |
CVE-2022-43357 | I7V72I | 12.44 | 7.5 | libsass | Base-service |
CVE-2023-39663 | I7WZIV | 12.87 | 7.5 | mathjax | sig-UKUI |
CVE-2023-41105 | I7VE3T | 13.44 | 7.5 | python3 | Base-service |
CVE-2023-40187 | I7XN6A | 12.87 | 7.3 | freerdp | Application |
CVE-2023-3865 | I7ST5T | 9.66 | 7.1 | kernel | Kernel |
CVE-2023-39355 | I7XN5F | 12.87 | 7 | freerdp | Application |
CVE-2023-36941 | I7OM5C | 0.44 | 6.1 | mysql5 | DB |
CVE-2023-3824 | I7RSD5 | 5.93 | 5.5 | php | Base-service |
CVE-2023-3823 | I7RSC7 | 5.93 | 5.5 | php | Base-service |
CVE-2023-4132 | I7QE3A | 12.75 | 5.5 | kernel | Kernel |
CVE-2023-38559 | I7PRTF | 12.75 | 5.5 | ghostscript | Base-service |
CVE-2023-38560 | I7PRDQ | 12.75 | 5.5 | ghostscript | Base-service |
CVE-2023-40027 | I7TI35 | 13.66 | 3.7 | openstack-keystone | sig-openstack |
openEuler 社区指导文档及开放平台链接:
openEuler 版本分支维护规范:
openEuler release-management 版本分支PR指导:
社区QA 版本测试提单规范
社区QA 测试平台 radiates
542
Age (days ago)
542
Last active (days ago)
0 comments
1 participants
participants (1)
-
update版本发布邮箱