An update for protobuf is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-2106
Final 1.0 1.0 2022-11-18 Initial 2022-11-18 2022-11-18 openEuler SA Tool V1.0 2022-11-18

protobuf security update

Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site.

Security Fix(es):

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. (CVE-2021-22570)

An update for protobuf is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
protobuf

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2106
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-22570
https://nvd.nist.gov/vuln/detail/CVE-2021-22570

openEuler-20.03-LTS-SP1

protobuf-devel-3.14.0-6.oe1.aarch64.rpm
protobuf-lite-3.14.0-6.oe1.aarch64.rpm
protobuf-3.14.0-6.oe1.aarch64.rpm
protobuf-lite-devel-3.14.0-6.oe1.aarch64.rpm
protobuf-debugsource-3.14.0-6.oe1.aarch64.rpm
protobuf-debuginfo-3.14.0-6.oe1.aarch64.rpm
protobuf-compiler-3.14.0-6.oe1.aarch64.rpm

protobuf-bom-3.14.0-6.oe1.noarch.rpm
protobuf-javalite-3.14.0-6.oe1.noarch.rpm
protobuf-javadoc-3.14.0-6.oe1.noarch.rpm
protobuf-java-util-3.14.0-6.oe1.noarch.rpm
python3-protobuf-3.14.0-6.oe1.noarch.rpm
protobuf-java-3.14.0-6.oe1.noarch.rpm
protobuf-parent-3.14.0-6.oe1.noarch.rpm

protobuf-3.14.0-6.oe1.src.rpm

protobuf-lite-devel-3.14.0-6.oe1.x86_64.rpm
protobuf-debuginfo-3.14.0-6.oe1.x86_64.rpm
protobuf-compiler-3.14.0-6.oe1.x86_64.rpm
protobuf-3.14.0-6.oe1.x86_64.rpm
protobuf-devel-3.14.0-6.oe1.x86_64.rpm
protobuf-debugsource-3.14.0-6.oe1.x86_64.rpm
protobuf-lite-3.14.0-6.oe1.x86_64.rpm

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

2022-11-18 CVE-2021-22570 openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
protobuf security update 2022-11-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2106