{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"ignition security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for ignition is now available for openEuler-22.03-LTS-SP1.",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.\n\nSecurity Fix(es):\n\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for ignition is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"ignition",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2024-1509",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1509"
			},
			{
				"summary":"CVE-2022-41723",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2022-41723&packageName=ignition"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
			},
			{
				"summary":"openEuler-SA-2024-1509 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1509.json"
			}
		],
		"title":"An update for ignition is now available for openEuler-22.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2024-04-26T09:16:37+08:00",
			"revision_history":[
				{
					"date":"2024-04-26T09:16:37+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T09:16:37+08:00",
					"summary":"final",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T09:16:37+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T09:16:37+08:00",
			"id":"openEuler-SA-2024-1509",
			"version":"2.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"openEuler-22.03-LTS-SP1",
									"name":"openEuler-22.03-LTS-SP1"
								},
								"name":"openEuler-22.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-2.14.0-5.oe2203sp1.aarch64.rpm",
									"name":"ignition-2.14.0-5.oe2203sp1.aarch64.rpm"
								},
								"name":"ignition-2.14.0-5.oe2203sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm",
									"name":"ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm"
								},
								"name":"ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm",
									"name":"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm"
								},
								"name":"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm",
									"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm"
								},
								"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-2.14.0-5.oe2203sp1.src.rpm",
									"name":"ignition-2.14.0-5.oe2203sp1.src.rpm"
								},
								"name":"ignition-2.14.0-5.oe2203sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-2.14.0-5.oe2203sp1.x86_64.rpm",
									"name":"ignition-2.14.0-5.oe2203sp1.x86_64.rpm"
								},
								"name":"ignition-2.14.0-5.oe2203sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm",
									"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm"
								},
								"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm",
									"name":"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm"
								},
								"name":"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm",
									"name":"ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm"
								},
								"name":"ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-2.14.0-5.oe2203sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.aarch64",
					"name":"ignition-2.14.0-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.aarch64",
					"name":"ignition-validate-2.14.0-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.aarch64",
					"name":"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64",
					"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-2.14.0-5.oe2203sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.src",
					"name":"ignition-2.14.0-5.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-2.14.0-5.oe2203sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.x86_64",
					"name":"ignition-2.14.0-5.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64",
					"name":"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.x86_64",
					"name":"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.x86_64",
					"name":"ignition-validate-2.14.0-5.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2022-41723",
			"notes":[
				{
					"text":"A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.aarch64",
					"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.aarch64",
					"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.aarch64",
					"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64",
					"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.src",
					"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.x86_64",
					"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64",
					"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.x86_64",
					"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.src",
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.x86_64"
					],
					"details":"ignition security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1509"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.5,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.src",
						"openEuler-22.03-LTS-SP1:ignition-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-debugsource-2.14.0-5.oe2203sp1.x86_64",
						"openEuler-22.03-LTS-SP1:ignition-validate-2.14.0-5.oe2203sp1.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2022-41723"
		}
	]
}