An update for patchelf is now available for openEuler-22.03-LTS and openEuler-22.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1001
Final 1.0 1.0 2023-01-03 Initial 2023-01-03 2023-01-03
openEuler SA Tool V1.0 2023-01-03

patchelf security update

An update for patchelf is now available for openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.

PatchELF is a simple utility for modifying an existing ELF executable or library. It can change the dynamic loader ("ELF interpreter") of an executable and change the RPATH of an executable or library.

Security Fix(es):

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. (CVE-2022-44940)

An update for patchelf is now available for openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Critical
patchelf

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1001
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-44940
https://nvd.nist.gov/vuln/detail/CVE-2022-44940

openEuler-22.03-LTS
openEuler-22.03-LTS-SP1

patchelf-0.16.0-1.oe2203.aarch64.rpm
patchelf-debuginfo-0.16.0-1.oe2203.aarch64.rpm
patchelf-debugsource-0.16.0-1.oe2203.aarch64.rpm
patchelf-0.16.0-1.oe2203sp1.aarch64.rpm
patchelf-debuginfo-0.16.0-1.oe2203sp1.aarch64.rpm
patchelf-debugsource-0.16.0-1.oe2203sp1.aarch64.rpm
patchelf-0.16.0-1.oe2203.src.rpm
patchelf-0.16.0-1.oe2203sp1.src.rpm
patchelf-debuginfo-0.16.0-1.oe2203.x86_64.rpm
patchelf-debugsource-0.16.0-1.oe2203.x86_64.rpm
patchelf-0.16.0-1.oe2203.x86_64.rpm
patchelf-debuginfo-0.16.0-1.oe2203sp1.x86_64.rpm
patchelf-debugsource-0.16.0-1.oe2203sp1.x86_64.rpm
patchelf-0.16.0-1.oe2203sp1.x86_64.rpm

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.

2023-01-03 CVE-2022-44940 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

patchelf security update 2023-01-03 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1001