An update for eclipse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1759 Final 1.0 1.0 2022-07-22 Initial 2022-07-22 2022-07-22 openEuler SA Tool V1.0 2022-07-22 eclipse security update An update for eclipse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. The Eclipse platform is designed for building integrated development environments (IDEs), server-side applications, desktop applications, and everything in between. Security Fix(es): In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.(CVE-2020-27225) An update for eclipse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High eclipse https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1759 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-27225 https://nvd.nist.gov/vuln/detail/CVE-2020-27225 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS eclipse-platform-4.11-4.oe1.aarch64.rpm eclipse-equinox-osgi-4.11-4.oe1.aarch64.rpm eclipse-pde-4.11-4.oe1.aarch64.rpm eclipse-swt-4.11-4.oe1.aarch64.rpm eclipse-debugsource-4.11-4.oe1.aarch64.rpm eclipse-debuginfo-4.11-4.oe1.aarch64.rpm eclipse-tests-4.11-4.oe1.aarch64.rpm eclipse-contributor-tools-4.11-4.oe1.aarch64.rpm eclipse-equinox-osgi-4.11-4.oe1.aarch64.rpm eclipse-pde-4.11-4.oe1.aarch64.rpm eclipse-platform-4.11-4.oe1.aarch64.rpm eclipse-contributor-tools-4.11-4.oe1.aarch64.rpm eclipse-debuginfo-4.11-4.oe1.aarch64.rpm eclipse-debugsource-4.11-4.oe1.aarch64.rpm eclipse-swt-4.11-4.oe1.aarch64.rpm eclipse-tests-4.11-4.oe1.aarch64.rpm eclipse-debugsource-4.11-5.oe2203.aarch64.rpm eclipse-platform-4.11-5.oe2203.aarch64.rpm eclipse-equinox-osgi-4.11-5.oe2203.aarch64.rpm eclipse-swt-4.11-5.oe2203.aarch64.rpm eclipse-tests-4.11-5.oe2203.aarch64.rpm eclipse-debuginfo-4.11-5.oe2203.aarch64.rpm eclipse-pde-4.11-5.oe2203.aarch64.rpm eclipse-contributor-tools-4.11-5.oe2203.aarch64.rpm eclipse-p2-discovery-4.11-4.oe1.noarch.rpm eclipse-jdt-4.11-4.oe1.noarch.rpm eclipse-jdt-4.11-4.oe1.noarch.rpm eclipse-p2-discovery-4.11-4.oe1.noarch.rpm eclipse-p2-discovery-4.11-5.oe2203.noarch.rpm eclipse-jdt-4.11-5.oe2203.noarch.rpm eclipse-4.11-4.oe1.src.rpm eclipse-4.11-4.oe1.src.rpm eclipse-4.11-5.oe2203.src.rpm eclipse-debuginfo-4.11-4.oe1.x86_64.rpm eclipse-pde-4.11-4.oe1.x86_64.rpm eclipse-equinox-osgi-4.11-4.oe1.x86_64.rpm eclipse-swt-4.11-4.oe1.x86_64.rpm eclipse-tests-4.11-4.oe1.x86_64.rpm eclipse-contributor-tools-4.11-4.oe1.x86_64.rpm eclipse-debugsource-4.11-4.oe1.x86_64.rpm eclipse-platform-4.11-4.oe1.x86_64.rpm eclipse-debuginfo-4.11-4.oe1.x86_64.rpm eclipse-pde-4.11-4.oe1.x86_64.rpm eclipse-swt-4.11-4.oe1.x86_64.rpm eclipse-equinox-osgi-4.11-4.oe1.x86_64.rpm eclipse-debugsource-4.11-4.oe1.x86_64.rpm eclipse-contributor-tools-4.11-4.oe1.x86_64.rpm eclipse-tests-4.11-4.oe1.x86_64.rpm eclipse-platform-4.11-4.oe1.x86_64.rpm eclipse-swt-4.11-5.oe2203.x86_64.rpm eclipse-debugsource-4.11-5.oe2203.x86_64.rpm eclipse-pde-4.11-5.oe2203.x86_64.rpm eclipse-debuginfo-4.11-5.oe2203.x86_64.rpm eclipse-contributor-tools-4.11-5.oe2203.x86_64.rpm eclipse-equinox-osgi-4.11-5.oe2203.x86_64.rpm eclipse-platform-4.11-5.oe2203.x86_64.rpm eclipse-tests-4.11-5.oe2203.x86_64.rpm In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. 2022-07-22 CVE-2020-27225 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H eclipse security update 2022-07-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1759