• 人生就是博手机版

    安全漏洞

    安全漏洞补丁公告

    当前位置  >  首页  >  服务支持  >  安全漏洞  >  安全漏洞补丁公告

    公告ID(KYSA-202101-0033

    摘要:horizon安全漏洞 安全等级:中等 公告ID:KYSA-202101-0033 发布日期:2022-01-24 影响CVE:CVE-2020-29565

    详细介绍

    1.修复的CVE

        CVE-2020-29565

        OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。

        OpenStack Horizon 15.3.2,16之前版本存在安全漏洞,该漏洞源于next参数缺乏验证,这将允许某人在Horizon中提供恶意URL,从而导致自动重定向到所提供的恶意URL。以下产品及版本受到影响: 15.3.2之前版本, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x版本。

        

    2.影响的操作系统

        银河麒麟桌面操作系统V4 SP1

        银河麒麟桌面操作系统V4 SP2

        银河麒麟桌面操作系统V4 SP3

        银河麒麟桌面操作系统V4 SP4

        银河麒麟服务器操作系统V4 SP1

        银河麒麟服务器操作系统V4 SP2

        银河麒麟服务器操作系统V4 SP3

        银河麒麟服务器操作系统V4 SP4

        银河麒麟桌面操作系统V10

        银河麒麟桌面操作系统V10 SP1

    3.修复版本

        软件包:horizon

        2:9.1.2-0kord5.2V4、V10

        3:18.3.2-0kylin0.20.04.4(V10 SP1)

        

    4.受影响的软件包

        ·银河麒麟操作系统V10桌面版、V4

        openstack-dashboard

        openstack-dashboard-ubuntu-theme

        python-django-horizon

        ·银河麒麟桌面操作系统V10 SP1

        openstack-dashboard

        openstack-dashboard-common

        openstack-dashboard-ubuntu-theme

        python3-django-horizon

        python3-django-openstack-auth

    5.修复方法

    方法一:配置源进行升级安装

        打开软件包源配置文件,根据仓库地址进行修改。

        4.0.2桌面版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 4.0.2-desktop main restricted universe multiverse

        4.0.2-sp1桌面版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse

        4.0.2-sp2桌面版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse

        4.0.2-sp3桌面版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse

        4.0.2-sp4桌面版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse

        10.0版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 10.0 main restricted universe multiverse

        10SP1版本:

        http://archive.fumeibaihuo.com/kylin/KYLIN-ALL 10.1 main restricted universe multiverse

        配置完成后执行更新命令进行升级

        $sudo apt update

    方法二:下载安装包进行升级安装

        通过软件包地址下载软件包,使用软件包升级命令根据受影响的组件包列表 升级相关的组件包。

        $dpkg -i Packagelists

        

    6.软件包下载地址

    银河麒麟操作系统V10桌面版、V4

    X86_64软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python-django-horizon_9.1.2-0kord5.2_all.deb

    arm64软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python-django-horizon_9.1.2-0kord5.2_all.deb

    mips64el软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_9.1.2-0kord5.2_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python-django-horizon_9.1.2-0kord5.2_all.deb

    银河麒麟操作系统桌面版V10 SP1

    X86_64软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-common_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-horizon_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-openstack-auth_18.3.2-0kylin0.20.04.4_all.deb

    arm64软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-common_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-horizon_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-openstack-auth_18.3.2-0kylin0.20.04.4_all.deb

    mips64el软件包下载地址

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-common_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard-ubuntu-theme_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/openstack-dashboard_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-horizon_18.3.2-0kylin0.20.04.4_all.deb

    http://archive.fumeibaihuo.com/kylin/KYLIN-ALL/pool/main/h/horizon/python3-django-openstack-auth_18.3.2-0kylin0.20.04.4_all.deb


    上一篇: KYSA-202101-0032 下一篇: KYSA-202101-0034

    试用

    服务

    动态

    联系