An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1264 Final 1.0 1.0 2023-04-28 Initial 2023-04-28 2023-04-28 openEuler SA Tool V1.0 2023-04-28 dmidecode security update An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).DMI data can be used to enable or disable specific portions of kernel code depending on the specific hardware. Thus, one use of dmidecode is for kernel developers to detect system "signatures" and add them to the kernel source code when needed. Security Fix(es): Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630) An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium dmidecode https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1264 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 dmidecode-3.2-4.oe1.aarch64.rpm dmidecode-debugsource-3.2-4.oe1.aarch64.rpm dmidecode-debuginfo-3.2-4.oe1.aarch64.rpm dmidecode-debuginfo-3.2-4.oe1.aarch64.rpm dmidecode-debugsource-3.2-4.oe1.aarch64.rpm dmidecode-3.2-4.oe1.aarch64.rpm dmidecode-3.3-6.oe2203.aarch64.rpm dmidecode-debugsource-3.3-6.oe2203.aarch64.rpm dmidecode-debuginfo-3.3-6.oe2203.aarch64.rpm dmidecode-debugsource-3.4-3.oe2203sp1.aarch64.rpm dmidecode-3.4-3.oe2203sp1.aarch64.rpm dmidecode-debuginfo-3.4-3.oe2203sp1.aarch64.rpm dmidecode-3.2-4.oe1.src.rpm dmidecode-3.2-4.oe1.src.rpm dmidecode-3.3-6.oe2203.src.rpm dmidecode-3.4-3.oe2203sp1.src.rpm dmidecode-debuginfo-3.2-4.oe1.x86_64.rpm dmidecode-debugsource-3.2-4.oe1.x86_64.rpm dmidecode-3.2-4.oe1.x86_64.rpm dmidecode-3.2-4.oe1.x86_64.rpm dmidecode-debuginfo-3.2-4.oe1.x86_64.rpm dmidecode-debugsource-3.2-4.oe1.x86_64.rpm dmidecode-3.3-6.oe2203.x86_64.rpm dmidecode-debugsource-3.3-6.oe2203.x86_64.rpm dmidecode-debuginfo-3.3-6.oe2203.x86_64.rpm dmidecode-debuginfo-3.4-3.oe2203sp1.x86_64.rpm dmidecode-debugsource-3.4-3.oe2203sp1.x86_64.rpm dmidecode-3.4-3.oe2203sp1.x86_64.rpm Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. 2023-04-28 CVE-2023-30630 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 Medium 4.6 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L dmidecode security update 2023-04-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1264