[Security Advisory: UTSA-2022-001007] - [CVE-2022-3551]

Advisory ID: | Author: USRC | Release date: 2022/11/23

[UnionTech Security Advisory: UTSA-2022-001007] - [CVE-2022-3551]

1. Vulnerability description
  • A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
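2. Vulnerability information
  • CVE ID: CVE-2022-3551
  • CWE type: Improper Resource Shutdown or Release
  • CVSS3 score: 6.5
  • Severity rating: medium
3. Affected UOS versions
  • Server E edition 105X
4. Affected packages
  • xorg-x11-server
5. Fixed version
  • xorg-x11-server-1.20.8-13.up3
6. How to fix
  • yum update PackageName
7. How to determine whether you are affected
  • Check method: yum info PackageName
  • Interpreting the result: if the installed version is lower than the fixed version, the system is affected by this vulnerability; if it is greater than or equal to the fixed version, the vulnerability has been fixed.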
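
The check in section 7, scripted as an added example (not part of the UnionTech advisory or its tooling): it compares an installed `xorg-x11-server` version-release against the fixed version from section 5. The function names are hypothetical, `sort -V` is assumed to approximate RPM's version ordering closely enough for these strings, and the epoch is ignored.

```shell
#!/bin/sh
# Added example, not UnionTech tooling. PKG and FIXED come from the advisory.
PKG="xorg-x11-server"
FIXED="1.20.8-13.up3"

# ver_ge A B: succeed when A sorts at or after B under `sort -V`.
# Assumption: sort -V is close enough to RPM's ordering for these strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# evr_status INSTALLED FIXED: print "fixed" or "affected".
# Compares the version first and the release only when versions are equal.
# Epoch is ignored (assumption: the package carries none).
evr_status() {
    iv=${1%-*}; ir=${1##*-}
    fv=${2%-*}; fr=${2##*-}
    if [ "$iv" != "$fv" ]; then
        if ver_ge "$iv" "$fv"; then echo fixed; else echo affected; fi
    elif ver_ge "$ir" "$fr"; then
        echo fixed
    else
        echo affected
    fi
}

# check_host: query the local RPM database and report every installed build.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$PKG" 2>/dev/null) || {
        echo "$PKG: not installed"; return 0; }
    for evr in $out; do
        echo "$PKG-$evr: $(evr_status "$evr" "$FIXED")"
    done
}

# Run the host check only when asked, e.g. `sh check.sh --check`.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Where a native RPM comparison tool is available on the host, prefer it over the `sort -V` approximation for edge cases such as tildes or epochs.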
8. Reference links
  • https://gitee.com/src-openeuler/xorg-x11-server/issues/I5WEV5
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
  • https://nvd.nist.gov/vuln/detail/CVE-2022-3551