An update for ignition is now available for openEuler-22.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1509
Final
1.0
1.0
2024-04-26
Initial
2024-04-26
2024-04-26
openEuler SA Tool V1.0
2024-04-26
ignition security update
An update for ignition is now available for openEuler-22.03-LTS-SP1.
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.
Security Fix(es):
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
ignition
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1509
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41723
https://nvd.nist.gov/vuln/detail/CVE-2022-41723
openEuler-22.03-LTS-SP1
ignition-2.14.0-5.oe2203sp1.aarch64.rpm
ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm
ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm
ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm
ignition-2.14.0-5.oe2203sp1.src.rpm
ignition-2.14.0-5.oe2203sp1.x86_64.rpm
ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm
ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm
ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
2024-04-26
CVE-2022-41723
openEuler-22.03-LTS-SP1
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ignition security update
2024-04-26
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1509