An update for deltarpm is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1973
Final
1.0
1.0
2022-09-30
Initial
2022-09-30
2022-09-30
openEuler SA Tool V1.0
2022-09-30
deltarpm security update
An update for deltarpm is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
Delta RPM packages contain the difference between an old and a new version of an RPM package. Applying a delta RPM on an old RPM results in the complete new RPM. It is not necessary to have a copy of the old RPM, because a delta RPM can also work with an installed RPM.
Security Fix(es):
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). (CVE-2022-37434)
openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Critical
deltarpm
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1973
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-37434
https://nvd.nist.gov/vuln/detail/CVE-2022-37434
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
python2-deltarpm-3.6.2-5.oe1.aarch64.rpm
deltarpm-debugsource-3.6.2-5.oe1.aarch64.rpm
drpmsync-3.6.2-5.oe1.aarch64.rpm
deltarpm-3.6.2-5.oe1.aarch64.rpm
deltarpm-debuginfo-3.6.2-5.oe1.aarch64.rpm
python3-deltarpm-3.6.2-5.oe1.aarch64.rpm
deltarpm-debuginfo-3.6.2-5.oe1.aarch64.rpm
deltarpm-debugsource-3.6.2-5.oe1.aarch64.rpm
drpmsync-3.6.2-5.oe1.aarch64.rpm
python2-deltarpm-3.6.2-5.oe1.aarch64.rpm
deltarpm-3.6.2-5.oe1.aarch64.rpm
python3-deltarpm-3.6.2-5.oe1.aarch64.rpm
python3-deltarpm-3.6.3-2.oe2203.aarch64.rpm
deltarpm-debugsource-3.6.3-2.oe2203.aarch64.rpm
deltarpm-3.6.3-2.oe2203.aarch64.rpm
deltarpm-debuginfo-3.6.3-2.oe2203.aarch64.rpm
drpmsync-3.6.3-2.oe2203.aarch64.rpm
deltarpm-help-3.6.2-5.oe1.noarch.rpm
deltarpm-help-3.6.2-5.oe1.noarch.rpm
deltarpm-help-3.6.3-2.oe2203.noarch.rpm
deltarpm-3.6.2-5.oe1.src.rpm
deltarpm-3.6.2-5.oe1.src.rpm
deltarpm-3.6.3-2.oe2203.src.rpm
python3-deltarpm-3.6.2-5.oe1.x86_64.rpm
deltarpm-debuginfo-3.6.2-5.oe1.x86_64.rpm
python2-deltarpm-3.6.2-5.oe1.x86_64.rpm
deltarpm-3.6.2-5.oe1.x86_64.rpm
deltarpm-debugsource-3.6.2-5.oe1.x86_64.rpm
drpmsync-3.6.2-5.oe1.x86_64.rpm
drpmsync-3.6.2-5.oe1.x86_64.rpm
deltarpm-debuginfo-3.6.2-5.oe1.x86_64.rpm
deltarpm-3.6.2-5.oe1.x86_64.rpm
python3-deltarpm-3.6.2-5.oe1.x86_64.rpm
python2-deltarpm-3.6.2-5.oe1.x86_64.rpm
deltarpm-debugsource-3.6.2-5.oe1.x86_64.rpm
drpmsync-3.6.3-2.oe2203.x86_64.rpm
python3-deltarpm-3.6.3-2.oe2203.x86_64.rpm
deltarpm-3.6.3-2.oe2203.x86_64.rpm
deltarpm-debuginfo-3.6.3-2.oe2203.x86_64.rpm
deltarpm-debugsource-3.6.3-2.oe2203.x86_64.rpm
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
2022-09-30
CVE-2022-37434
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
deltarpm security update
2022-09-30
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1973