jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1264.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

129 lines
9.9 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1264</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-04-28</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-04-28</InitialReleaseDate>
<CurrentReleaseDate>2023-04-28</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-04-28</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">dmidecode security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).DMI data can be used to enable or disable specific portions of kernel code depending on the specific hardware. Thus, one use of dmidecode is for kernel developers to detect system "signatures" and add them to the kernel source code when needed.
Security Fix(es):
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">dmidecode</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1264</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-30630</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-30630</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-debugsource-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-debuginfo-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-debuginfo-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-debugsource-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-3.2-4.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-3.3-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-debugsource-3.3-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-debuginfo-3.3-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-debugsource-3.4-3.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-3.4-3.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-debuginfo-3.4-3.oe2203sp1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-3.2-4.oe1.src.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-3.2-4.oe1.src.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-3.3-6.oe2203.src.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-3.4-3.oe2203sp1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="dmidecode-debuginfo-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-debuginfo-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-debugsource-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">dmidecode-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-debuginfo-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.2-4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">dmidecode-debugsource-3.2-4.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-3.3-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-debugsource-3.3-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.3-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">dmidecode-debuginfo-3.3-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debuginfo-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-debuginfo-3.4-3.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-debugsource-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-debugsource-3.4-3.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="dmidecode-3.4-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">dmidecode-3.4-3.oe2203sp1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.</Note>
</Notes>
<ReleaseDate>2023-04-28</ReleaseDate>
<CVE>CVE-2023-30630</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.6</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>dmidecode security update</Description>
<DATE>2023-04-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1264</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink