注： 1. 本公告所涉及的漏洞修复信息知识产权全部归麒麟软件有限公司所有，此安全漏洞补丁公告仅适用于麒麟软件操作系统通用主线产品，定制、OEM等版本可根据需要联系售后获取支持。任何媒体、网站或个人转载使用时不得进行商业性的原版原式的转载，也不得歪曲和篡改所发布的内容。此声明以及其修改权、更新权及最终解释权均归本网所有。 2. 此安全漏洞补丁公告仅适用于银河麒麟桌面操作系统V10 SP1 2303版本，系统版本查询工具下载链接： https://security-oss.kylinos.cn/Desktop/libkysdk-sysinfo.zip 1. 漏洞概述 CVE-2021-3654 OpenStack是一个云平台管理项目。 Openstack Nova存在输入验证错误漏洞，该漏洞允许远程攻击者可利用该漏洞将受害者重定向到任意URL。 CVE-2017-18191 OpenStack是一个云平台管理项目。 OpenStack Nova是其中的一个用Python编写的云计算构造控制器，属于IaaS系统的一部分。 OpenStack Nova 15.x版本至15.1.0版本和16.x版本至16.0.4版本中存在加密问题漏洞。攻击者可利用该漏洞访问底层原始的数据卷并且损坏LUKS包头，造成拒绝服务。 CVE-2020-17376 OpenStack是一个云平台管理项目。 OpenStack Nova是其中的一个云计算结构控制器。 OpenStack Nova 19.3.1之前版本, 20.x系列20.3.1之前版本以及21.0.0版本Guest.migrate的virt/libvirt/guest.py存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。 CVE-2022-37394 OpenStack是一个云平台管理项目。 OpenStack Nova是其中的一个用Python编写的云计算构造控制器，属于IaaS系统的一部分。 OpenStack Nova 23.2.2之前版本、24.1.2之前的24.x版本以及25.0.2之前的25.x版本存在安全漏洞，该漏洞源于通过具有直接vnic_type的neutron端口，创建一个与该端口绑定的实例，然后将绑定端口的vnic_type改为macvtap，认证用户可能导致计算服务无法重新启动，从而导致可能的拒绝服务，只有配置有SR-IOV的Nova部署受到影响。 CVE-2015-9543 OpenStack是一个云平台管理项目。 OpenStack Nova是其中的一个云计算结构控制器。 OpenStack Nova 18.2.4之前版本、19.1.0之前的19.x版本和20.1.0之前的20.x版本中存在安全漏洞，该漏洞源于程序将consoleauth令牌放在日志文件中。攻击者可利用该漏洞获取用控制台访问令牌。 2. 受影响的操作系统及软件包 ·银河麒麟桌面操作系统V10 SP1 2303 x86_64 架构： nova-ajax-console-proxy、nova-api-metadata、nova-api-os-compute、nova-api-os-volume、nova-api、nova-cells、nova-common、nova-compute-kvm、nova-compute-libvirt、nova-compute-lxc、nova-compute-qemu、nova-compute-vmware、nova-compute-xen、nova-compute、nova-conductor、nova-novncproxy、nova-scheduler、nova-serialproxy、nova-spiceproxy、nova-volume、python3-nova arm64 架构： nova-ajax-console-proxy、nova-api-metadata、nova-api-os-compute、nova-api-os-volume、nova-api、nova-cells、nova-common、nova-compute-kvm、nova-compute-libvirt、nova-compute-lxc、nova-compute-qemu、nova-compute-vmware、nova-compute-xen、nova-compute、nova-conductor、nova-novncproxy、nova-scheduler、nova-serialproxy、nova-spiceproxy、nova-volume、python3-nova mips64el 架构： nova-ajax-console-proxy、nova-api-metadata、nova-api-os-compute、nova-api-os-volume、nova-api、nova-cells、nova-common、nova-compute-kvm、nova-compute-libvirt、nova-compute-lxc、nova-compute-qemu、nova-compute-vmware、nova-compute-xen、nova-compute、nova-conductor、nova-novncproxy、nova-scheduler、nova-serialproxy、nova-spiceproxy、nova-volume、python3-nova loongarch64 架构： nova-ajax-console-proxy、nova-api-metadata、nova-api-os-compute、nova-api-os-volume、nova-api、nova-cells、nova-common、nova-compute-kvm、nova-compute-libvirt、nova-compute-lxc、nova-compute-qemu、nova-compute-vmware、nova-compute-xen、nova-compute、nova-conductor、nova-novncproxy、nova-scheduler、nova-serialproxy、nova-spiceproxy、nova-volume、python3-nova 3. 软件包修复版本 ·银河麒麟桌面操作系统V10 SP1 2303 2:21.2.4-0kylin2.2 4. 修复方法 方法一：升级安装 执行更新命令进行升级 $sudo apt update $sudo apt install nova-common $sudo apt install python3-nova 方法二：下载软件包进行升级安装 通过软件包地址下载软件包，使用软件包升级命令根据受影响的软件包列表升级相关的组件包。 $sudo dpkg -i /Path1/Package1 /Path2/Package2 /Path3/Package3…… 注：Path 指软件包下载到本地的路径，Package指下载的软件包名称，多个软件包则以空格分开。 5. 软件包下载地址 银河麒麟桌面操作系统V10 SP1 2303 x86_64软件包下载地址 https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-ajax-console-proxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-metadata_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-cells_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-common_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-kvm_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-libvirt_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-lxc_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-qemu_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-vmware_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-xen_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-conductor_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-novncproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-scheduler_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-serialproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-spiceproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/python3-nova_21.2.4-0kylin2.2_all.deb arm64软件包下载地址 https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-ajax-console-proxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-metadata_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-cells_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-common_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-kvm_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-libvirt_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-lxc_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-qemu_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-vmware_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-xen_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-conductor_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-novncproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-scheduler_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-serialproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-spiceproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/python3-nova_21.2.4-0kylin2.2_all.deb mips64el软件包下载地址 https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-ajax-console-proxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-metadata_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-cells_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-common_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-kvm_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-libvirt_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-lxc_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-qemu_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-vmware_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-xen_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-conductor_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-novncproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-scheduler_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-serialproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-spiceproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/python3-nova_21.2.4-0kylin2.2_all.deb loongarch64软件包下载地址 https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-ajax-console-proxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-metadata_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api-os-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-api_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-cells_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-common_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-kvm_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-libvirt_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-lxc_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-qemu_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-vmware_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute-xen_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-compute_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-conductor_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-novncproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-scheduler_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-serialproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-spiceproxy_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/nova-volume_21.2.4-0kylin2.2_all.deb https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nova/python3-nova_21.2.4-0kylin2.2_all.deb 注：软件包仅适用于银河麒麟桌面操作系统V10 SP1 2303版本。 6. 修复验证 使用软件包查询命令，查看相关的软件包版本大于或等于修复版本则成功修复。 $sudo dpkg -l |grep Package 注：Package为软件包包名。