<?xml version="1.0" ?>
<updates>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1097</id>
		<title>关于 bind 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:34:48"/>
		<updated date="2025-08-25 19:24:20"/>
		<severity>Moderate</severity>
		<description>关于 bind 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-11187" id="CVE-2024-11187" severity="Important" severity_desc="高风险" title="BIND 9的查询处理功能存在拒绝服务漏洞，该漏洞源于未正确校验构造的区域查询响应中Additional section包含的记录数量。攻击者通过发送大量包含大量Additional section记录的查询请求，可能导致授权服务器或独立解析器消耗过多资源处理查询，从而引发服务拒绝。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="32" name="bind" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="32" name="bind-chroot" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-chroot-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-chroot-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="32" name="bind-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-devel-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-devel-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="32" name="bind-dnssec-doc" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-dnssec-doc-9.18.21-4.ky11.noarch.rpm" version="9.18.21">
					<filename>bind-dnssec-doc-9.18.21-4.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="32" name="bind-dnssec-utils" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-dnssec-utils-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-dnssec-utils-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="32" name="bind-libs" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-libs-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-libs-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="32" name="bind-license" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-license-9.18.21-4.ky11.noarch.rpm" version="9.18.21">
					<filename>bind-license-9.18.21-4.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="32" name="bind-utils" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bind-utils-9.18.21-4.ky11.x86_64.rpm" version="9.18.21">
					<filename>bind-utils-9.18.21-4.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1103</id>
		<title>关于 erlang 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:34:52"/>
		<updated date="2025-08-25 19:29:44"/>
		<severity>Critical</severity>
		<description>关于 erlang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-30211" id="CVE-2025-30211" severity="Important" severity_desc="高风险" title="Erlang/OTP的SSH协议栈在处理密钥交换（KEX）初始化消息时存在内存耗尽漏洞，该漏洞源于未正确验证KEX初始化消息中算法名称字段的长度是否符合RFC标准（64字符限制）。攻击者可构造包含超长算法名称的恶意KEX初始化消息，导致系统在处理该异常数据时分配大量内存，从而引发高内存消耗，可能造成服务拒绝。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-32433" id="CVE-2025-32433" severity="Critical" severity_desc="严重风险" title="Erlang/OTP 27.3.3之前版本存在访问控制错误漏洞，该漏洞源于SSH协议消息处理缺陷，可能导致远程代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="erlang" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-asn1" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-asn1-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-asn1-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-common_test" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-common_test-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-common_test-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-compiler" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-compiler-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-compiler-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-crypto" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-crypto-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-crypto-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-debugger" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-debugger-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-debugger-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-dialyzer" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-dialyzer-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-dialyzer-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-diameter" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-diameter-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-diameter-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-edoc" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-edoc-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-edoc-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eldap" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eldap-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eldap-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_docgen" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_docgen-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_docgen-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_interface" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_interface-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_interface-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erts" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erts-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erts-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-et" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-et-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-et-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eunit" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eunit-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eunit-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-examples" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-examples-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-examples-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ftp" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ftp-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ftp-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-inets" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-inets-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-inets-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-jinterface" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-jinterface-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-jinterface-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-kernel" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-kernel-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-kernel-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-megaco" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-megaco-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-megaco-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-mnesia" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-mnesia-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-mnesia-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-observer" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-observer-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-observer-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-odbc" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-odbc-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-odbc-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-os_mon" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-os_mon-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-os_mon-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-parsetools" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-parsetools-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-parsetools-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-public_key" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-public_key-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-public_key-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-reltool" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-reltool-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-reltool-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-runtime_tools" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-runtime_tools-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-runtime_tools-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-sasl" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-sasl-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-sasl-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-snmp" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-snmp-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-snmp-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-src" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-src-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-src-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssh" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssh-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssh-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssl" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssl-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssl-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-stdlib" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-stdlib-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-stdlib-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-syntax_tools" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-syntax_tools-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-syntax_tools-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tftp" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tftp-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tftp-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tools" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tools-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tools-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-wx" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-wx-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-wx-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-xmerl" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-xmerl-25.3.2.6-3.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-xmerl-25.3.2.6-3.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1110</id>
		<title>关于 glib2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:34:55"/>
		<updated date="2025-08-25 19:30:00"/>
		<severity>Moderate</severity>
		<description>关于 glib2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4056" id="CVE-2025-4056" severity="Important" severity_desc="高风险" title="GLib的进程创建功能存在拒绝服务漏洞，该漏洞源于在Windows平台上处理超长命令行参数时存在缺陷。当应用程序尝试使用过长的命令行参数来启动程序时，可能导致应用程序崩溃或无法响应，从而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4373" id="CVE-2025-4373" severity="Moderate" severity_desc="中风险" title="该漏洞存在于 GLib 的 g_string_insert_unichar() 函数中，当插入字符的位置参数过大时，计算缓冲区偏移量时发生整数溢出，导致缓冲区下溢（underwrite）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="glib2" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glib2-2.78.3-8.p01.ky11.x86_64.rpm" version="2.78.3">
					<filename>glib2-2.78.3-8.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glib2-devel" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glib2-devel-2.78.3-8.p01.ky11.x86_64.rpm" version="2.78.3">
					<filename>glib2-devel-2.78.3-8.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="glib2-help" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glib2-help-2.78.3-8.p01.ky11.noarch.rpm" version="2.78.3">
					<filename>glib2-help-2.78.3-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glib2-static" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glib2-static-2.78.3-8.p01.ky11.x86_64.rpm" version="2.78.3">
					<filename>glib2-static-2.78.3-8.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glib2-tests" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glib2-tests-2.78.3-8.p01.ky11.x86_64.rpm" version="2.78.3">
					<filename>glib2-tests-2.78.3-8.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1111</id>
		<title>关于 glibc 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:34:55"/>
		<updated date="2025-08-25 19:30:15"/>
		<severity>Important</severity>
		<description>关于 glibc 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4802" id="CVE-2025-4802" severity="Important" severity_desc="高风险" title="GNU C Library 2.27至2.38版本存在安全漏洞，该漏洞源于未受信任的LD_LIBRARY_PATH环境变量可能导致动态共享库加载。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="glibc" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-all-langpacks" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-all-langpacks-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-all-langpacks-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-common" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-common-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-common-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-debugutils" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-debugutils-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-debugutils-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-devel" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-devel-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-devel-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="glibc-help" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-help-2.38-47.p09.ky11.noarch.rpm" version="2.38">
					<filename>glibc-help-2.38-47.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-locale-archive" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-locale-archive-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-locale-archive-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-locale-source" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-locale-source-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-locale-source-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="glibc-nss-devel" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/glibc-nss-devel-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>glibc-nss-devel-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libnsl" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libnsl-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>libnsl-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="nscd" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nscd-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>nscd-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="nss_modules" release="47.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nss_modules-2.38-47.p09.ky11.x86_64.rpm" version="2.38">
					<filename>nss_modules-2.38-47.p09.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1117</id>
		<title>关于 libvpx 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:34:58"/>
		<updated date="2025-08-25 19:30:30"/>
		<severity>Moderate</severity>
		<description>关于 libvpx 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5283" id="CVE-2025-5283" severity="Moderate" severity_desc="中风险" title="Google Chrome 137.0.7151.55之前版本存在资源管理错误漏洞，该漏洞源于libvpx中释放后重用可能导致堆损坏。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libvpx" release="2.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libvpx-1.13.1-2.p02.ky11.x86_64.rpm" version="1.13.1">
					<filename>libvpx-1.13.1-2.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libvpx-devel" release="2.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libvpx-devel-1.13.1-2.p02.ky11.x86_64.rpm" version="1.13.1">
					<filename>libvpx-devel-1.13.1-2.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1134</id>
		<title>关于 redis 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:35:04"/>
		<updated date="2025-08-25 19:31:03"/>
		<severity>Important</severity>
		<description>关于 redis 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-21605" id="CVE-2025-21605" severity="Important" severity_desc="高风险" title="Redis 存在拒绝服务漏洞。Redis 是一个开源的内存数据库，支持持久化到磁盘，从 2.6 版本开始到 7.4.3 版本之前，未认证的客户端可以导致输出缓冲区无限增长，直到服务器内存耗尽或被杀死。默认情况下，Redis 配置不限制普通客户端的输出缓冲区（参见 client-output-buffer-limit）。因此，输出缓冲区可以随着时间无限增长，结果，服务耗尽，内存不可用。当在 Redis 服务器上启用了密码认证但未提供密码时，客户端仍然可以通过 'NOAUTH' 响应使输出缓冲区增长，直到系统内存耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-27151" id="CVE-2025-27151" severity="Moderate" severity_desc="中风险" title="Redis组件存在栈缓冲区溢出漏洞，该漏洞源于在redis-check-aof接口处理用户提供的文件路径时，使用memcpy和strlen(filepath)将数据复制到固定大小的栈缓冲区，导致缓冲区溢出。攻击者可通过构造恶意文件路径实现远程代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-32023" id="CVE-2025-32023" severity="Important" severity_desc="高风险" title="Redis的hyperloglog操作功能存在越界写入漏洞，该漏洞源于对特制字符串处理不当，导致在堆或栈上发生越界写入。经过身份验证的用户可利用此漏洞触发远程代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48367" id="CVE-2025-48367" severity="Important" severity_desc="高风险" title="Redis的未认证连接处理功能存在拒绝服务漏洞，该漏洞源于未认证的连接可导致重复的IP协议错误，进而引发客户端资源耗尽，最终造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-49112" id="CVE-2025-49112" severity="Low" severity_desc="低风险" title="Valkey 在 8.1.1 及之前版本的 networking.c 文件中的 setDeferredReply 函数存在整数下溢漏洞，该漏洞源于在计算 prev-&gt;size - prev-&gt;used 时可能发生整数下溢，导致内存操作异常。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="redis" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/redis-7.2.10-1.ky11.x86_64.rpm" version="7.2.10">
					<filename>redis-7.2.10-1.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1142</id>
		<title>关于 vim 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-13 20:35:07"/>
		<updated date="2025-08-25 19:31:29"/>
		<severity>Moderate</severity>
		<description>关于 vim 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-53905" id="CVE-2025-53905" severity="Moderate" severity_desc="中风险" title="Vim 9.1.1552之前版本存在路径遍历漏洞，该漏洞源于tar.vim插件存在路径遍历问题，可能导致任意文件覆盖。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-53906" id="CVE-2025-53906" severity="Moderate" severity_desc="中风险" title="Vim 9.1.1551之前版本存在路径遍历漏洞，该漏洞源于zip.vim插件存在路径遍历问题，可能导致任意文件覆盖。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="vim-common" release="18.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-common-9.0.2092-18.p02.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-common-9.0.2092-18.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-enhanced" release="18.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-enhanced-9.0.2092-18.p02.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-enhanced-9.0.2092-18.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="vim-filesystem" release="18.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-filesystem-9.0.2092-18.p02.ky11.noarch.rpm" version="9.0.2092">
					<filename>vim-filesystem-9.0.2092-18.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-minimal" release="18.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-minimal-9.0.2092-18.p02.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-minimal-9.0.2092-18.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-X11" release="18.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-X11-9.0.2092-18.p02.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-X11-9.0.2092-18.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1199</id>
		<title>关于 erlang 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:53:50"/>
		<updated date="2025-09-01 10:13:36"/>
		<severity>Moderate</severity>
		<description>关于 erlang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4748" id="CVE-2025-4748" severity="Important" severity_desc="高风险" title="Erlang OTP的stdlib模块中的zip.erl文件及zip:unzip/1、zip:unzip/2、zip:extract/1、zip:extract/2函数存在路径遍历漏洞，该漏洞源于对路径名限制不当，未正确校验用户提供的路径，除非使用memory选项，否则可能导致绝对路径遍历和文件操作。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="erlang" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-asn1" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-asn1-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-asn1-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-common_test" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-common_test-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-common_test-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-compiler" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-compiler-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-compiler-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-crypto" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-crypto-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-crypto-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-debugger" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-debugger-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-debugger-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-dialyzer" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-dialyzer-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-dialyzer-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-diameter" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-diameter-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-diameter-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-edoc" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-edoc-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-edoc-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eldap" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eldap-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eldap-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_docgen" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_docgen-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_docgen-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_interface" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_interface-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_interface-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erts" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erts-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erts-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-et" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-et-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-et-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eunit" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eunit-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eunit-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-examples" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-examples-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-examples-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ftp" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ftp-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ftp-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-inets" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-inets-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-inets-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-jinterface" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-jinterface-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-jinterface-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-kernel" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-kernel-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-kernel-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-megaco" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-megaco-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-megaco-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-mnesia" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-mnesia-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-mnesia-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-observer" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-observer-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-observer-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-odbc" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-odbc-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-odbc-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-os_mon" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-os_mon-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-os_mon-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-parsetools" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-parsetools-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-parsetools-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-public_key" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-public_key-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-public_key-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-reltool" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-reltool-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-reltool-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-runtime_tools" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-runtime_tools-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-runtime_tools-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-sasl" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-sasl-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-sasl-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-snmp" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-snmp-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-snmp-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-src" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-src-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-src-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssh" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssh-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssh-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssl" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssl-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssl-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-stdlib" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-stdlib-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-stdlib-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-syntax_tools" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-syntax_tools-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-syntax_tools-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tftp" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tftp-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tftp-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tools" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tools-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tools-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-wx" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-wx-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-wx-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-xmerl" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-xmerl-25.3.2.6-3.p02.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-xmerl-25.3.2.6-3.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1201</id>
		<title>关于 httpd 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:53:51"/>
		<updated date="2025-09-01 10:12:55"/>
		<severity>Important</severity>
		<description>关于 httpd 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-43204" id="CVE-2024-43204" severity="Important" severity_desc="高风险" title="Apache HTTP Server在加载了mod_proxy模块的特定配置下存在服务器端请求伪造漏洞，该漏洞源于当mod_headers模块被配置为根据HTTP请求中的值来修改Content-Type请求头或响应头时，攻击者可利用此缺陷构造恶意请求，使服务器向攻击者控制的URL发起出站代理请求。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-47252" id="CVE-2024-47252" severity="Important" severity_desc="高风险" title="Apache HTTP Server 2.4.63及更早版本中的mod_ssl模块对用户提供的数据转义不充分，允许不受信任的SSL/TLS客户端在某些配置下将转义字符插入日志文件。当使用CustomLog指令并配合&quot;%{varname}x&quot;或&quot;%{varname}c&quot;格式来记录由mod_ssl提供的变量（例如SSL_TLS_SNI）时，mod_log_config或mod_ssl均未执行适当的转义操作，导致客户端提供的未经净化的数据可能出现在日志文件中。攻击者可利用该漏洞污染日志内容，造成日志伪造或解析异常等问题。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-23048" id="CVE-2025-23048" severity="Critical" severity_desc="严重风险" title="Apache HTTP Server 2.4.35至2.4.63版本存在访问控制错误漏洞，该漏洞源于某些mod_ssl配置可能导致TLS 1.3会话恢复时访问控制绕过。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-49812" id="CVE-2025-49812" severity="Important" severity_desc="高风险" title="Apache HTTP Server的mod_ssl模块在特定配置下存在认证绕过漏洞，该漏洞源于使用“SSLEngine optional”配置启用TLS升级时存在HTTP去同步化攻击缺陷。可能导致中间人攻击者通过TLS升级劫持HTTP会话，实现未授权访问。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="httpd" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/httpd-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>httpd-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="httpd-devel" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/httpd-devel-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>httpd-devel-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="httpd-filesystem" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/httpd-filesystem-2.4.58-10.p01.ky11.noarch.rpm" version="2.4.58">
					<filename>httpd-filesystem-2.4.58-10.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="httpd-help" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/httpd-help-2.4.58-10.p01.ky11.noarch.rpm" version="2.4.58">
					<filename>httpd-help-2.4.58-10.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="httpd-tools" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/httpd-tools-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>httpd-tools-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mod_ldap" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mod_ldap-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>mod_ldap-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mod_md" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mod_md-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>mod_md-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mod_session" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mod_session-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>mod_session-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mod_proxy_html" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mod_proxy_html-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>mod_proxy_html-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mod_ssl" release="10.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mod_ssl-2.4.58-10.p01.ky11.x86_64.rpm" version="2.4.58">
					<filename>mod_ssl-2.4.58-10.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1212</id>
		<title>关于 libsoup 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:53:57"/>
		<updated date="2025-09-01 10:09:43"/>
		<severity>Low</severity>
		<description>关于 libsoup 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4945" id="CVE-2025-4945" severity="Low" severity_desc="低风险" title="libsoup处理cookie过期日期时存在整数溢出，攻击者可能绕过cookie过期逻辑。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libsoup" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-2.74.3-4.p04.ky11.x86_64.rpm" version="2.74.3">
					<filename>libsoup-2.74.3-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsoup-devel" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-devel-2.74.3-4.p04.ky11.x86_64.rpm" version="2.74.3">
					<filename>libsoup-devel-2.74.3-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup-help" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-help-2.74.3-4.p04.ky11.noarch.rpm" version="2.74.3">
					<filename>libsoup-help-2.74.3-4.p04.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1218</id>
		<title>关于 mpg123 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:54:01"/>
		<updated date="2025-09-01 10:07:49"/>
		<severity>Moderate</severity>
		<description>关于 mpg123 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-10573" id="CVE-2024-10573" severity="Moderate" severity_desc="中风险" title="mpg123 中发现了一个越界写入漏洞。在处理精心构造的 MPEG 音频流时，解码 PCM 过程中 libmpg123 可能对堆分配缓冲区进行越界写入操作。可能会发生堆损坏，并且不能排除任意代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="mpg123" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mpg123-devel" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-devel-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-devel-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="mpg123-help" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-help-1.29.3-3.p01.ky11.noarch.rpm" version="1.29.3">
					<filename>mpg123-help-1.29.3-3.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mpg123-libs" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-libs-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-libs-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mpg123-plugins-jack" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-plugins-jack-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-plugins-jack-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mpg123-plugins-portaudio" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-plugins-portaudio-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-plugins-portaudio-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="mpg123-plugins-pulseaudio" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mpg123-plugins-pulseaudio-1.29.3-3.p01.ky11.x86_64.rpm" version="1.29.3">
					<filename>mpg123-plugins-pulseaudio-1.29.3-3.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1224</id>
		<title>关于 poppler 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:54:04"/>
		<updated date="2025-09-01 10:07:06"/>
		<severity>Moderate</severity>
		<description>关于 poppler 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-52886" id="CVE-2025-52886" severity="Moderate" severity_desc="中风险" title="Freedesktop Poppler是Freedesktop社区的一个用于生成PDF的C++类库，该库是从Xpdf（PDF阅读器）继承而来。
Freedesktop Poppler 25.06.0之前版本存在资源管理错误漏洞，该漏洞源于引用计数溢出，可能导致释放后重用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="poppler" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-cpp" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-cpp-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-cpp-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-cpp-devel" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-cpp-devel-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-cpp-devel-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-devel" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-devel-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-devel-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-glib" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-glib-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-glib-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-glib-devel" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-glib-devel-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-glib-devel-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="poppler-glib-doc" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-glib-doc-23.12.0-7.p01.ky11.noarch.rpm" version="23.12.0">
					<filename>poppler-glib-doc-23.12.0-7.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="poppler-help" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-help-23.12.0-7.p01.ky11.noarch.rpm" version="23.12.0">
					<filename>poppler-help-23.12.0-7.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-qt5" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-qt5-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-qt5-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-qt5-devel" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-qt5-devel-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-qt5-devel-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-qt6" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-qt6-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-qt6-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-qt6-devel" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-qt6-devel-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-qt6-devel-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="poppler-utils" release="7.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/poppler-utils-23.12.0-7.p01.ky11.x86_64.rpm" version="23.12.0">
					<filename>poppler-utils-23.12.0-7.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1241</id>
		<title>关于 raptor2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:54:12"/>
		<updated date="2025-09-01 10:03:23"/>
		<severity>Moderate</severity>
		<description>关于 raptor2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-57822" id="CVE-2024-57822" severity="Moderate" severity_desc="中风险" title="在 Raptor RDF 语法库 2.0.16 及更早版本中，`raptor_ntriples_parse_term_internal()` 函数在解析使用 nquads 解析器解析的三元组时，存在基于堆的缓冲区越界读取漏洞。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="raptor2" release="21.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/raptor2-2.0.15-21.ky11.x86_64.rpm" version="2.0.15">
					<filename>raptor2-2.0.15-21.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="raptor2-devel" release="21.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/raptor2-devel-2.0.15-21.ky11.x86_64.rpm" version="2.0.15">
					<filename>raptor2-devel-2.0.15-21.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="raptor2-help" release="21.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/raptor2-help-2.0.15-21.ky11.x86_64.rpm" version="2.0.15">
					<filename>raptor2-help-2.0.15-21.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202508-1256</id>
		<title>关于 unbound 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-08-26 12:54:21"/>
		<updated date="2025-09-01 09:59:38"/>
		<severity>Important</severity>
		<description>关于 unbound 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5994" id="CVE-2025-5994" severity="Moderate" severity_desc="中风险" title="Unbound在编译时启用了EDNS客户端子网支持（即使用`--enable-subnet`选项）且配置为向上游名称服务器发送ECS信息（即使用了`send-client-subnet`、`client-subnet-zone`或`client-subnet-always-forward`选项之一）时，其缓存解析器功能存在缓存投毒漏洞，该漏洞源于支持ECS的解析器未能对不同出站ECS信息的查询进行充分隔离，重新暴露于生日悖论攻击（Rebirthday攻击）之下，攻击者可尝试匹配DNS事务ID以缓存非ECS的恶意回复，从而污染DNS缓存。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="python3-unbound" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-unbound-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>python3-unbound-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound-anchor" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-anchor-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-anchor-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound-devel" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-devel-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-devel-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound-help" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-help-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-help-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound-libs" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-libs-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-libs-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="unbound-utils" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/unbound-utils-1.17.1-12.ky11.x86_64.rpm" version="1.17.1">
					<filename>unbound-utils-1.17.1-12.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202509-1006</id>
		<title>关于 icu 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-09-02 12:53:59"/>
		<updated date="2025-09-08 10:05:21"/>
		<severity>Important</severity>
		<description>关于 icu 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5222" id="CVE-2025-5222" severity="Important" severity_desc="高风险" title="International Components for Unicode（icu） 76.0.1版本存在安全漏洞，该漏洞源于genrb二进制中subtag结构溢出，可能导致内存损坏和本地任意代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="icu" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/icu-74.1-4.p02.ky11.x86_64.rpm" version="74.1">
					<filename>icu-74.1-4.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="icu-help" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/icu-help-74.1-4.p02.ky11.noarch.rpm" version="74.1">
					<filename>icu-help-74.1-4.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libicu" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libicu-74.1-4.p02.ky11.x86_64.rpm" version="74.1">
					<filename>libicu-74.1-4.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libicu-devel" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libicu-devel-74.1-4.p02.ky11.x86_64.rpm" version="74.1">
					<filename>libicu-devel-74.1-4.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202509-1119</id>
		<title>关于 jetty 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-09-23 18:50:09"/>
		<updated date="2025-09-29 13:23:34"/>
		<severity>Important</severity>
		<description>关于 jetty 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5115" id="CVE-2025-5115" severity="Important" severity_desc="高风险" title="Eclipse Jetty的HTTP/2协议处理模块存在资源消耗漏洞，该漏洞源于对客户端发送的异常HTTP/2帧（如窗口增量值为0的WINDOW_UPDATE帧或针对已关闭流发送的DATA帧）处理不当，导致服务器被迫发送RST_STREAM帧，从而消耗大量CPU和内存资源。攻击者可通过短时间内创建大量流并发送非法帧，在不超过最大并发流限制的情况下，持续消耗服务器资源，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="jetty" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-alpn-client" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-alpn-client-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-alpn-client-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-alpn-server" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-alpn-server-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-alpn-server-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-annotations" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-annotations-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-annotations-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-ant" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-ant-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-ant-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-cdi" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-cdi-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-cdi-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-client" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-client-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-client-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-continuation" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-continuation-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-continuation-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-deploy" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-deploy-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-deploy-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-fcgi-client" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-fcgi-client-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-fcgi-client-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-fcgi-server" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-fcgi-server-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-fcgi-server-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http2-client" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http2-client-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http2-client-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http2-common" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http2-common-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http2-common-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http2-hpack" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http2-hpack-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http2-hpack-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http2-http-client-transport" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http2-http-client-transport-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http2-http-client-transport-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http2-server" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http2-server-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http2-server-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-httpservice" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-httpservice-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-httpservice-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-http-spi" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-http-spi-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-http-spi-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-infinispan" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-infinispan-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-infinispan-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-io" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-io-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-io-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jaas" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jaas-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jaas-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jaspi" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jaspi-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jaspi-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-javadoc" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-javadoc-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-javadoc-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-javax-websocket-client-impl" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-javax-websocket-client-impl-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-javax-websocket-client-impl-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-javax-websocket-server-impl" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-javax-websocket-server-impl-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-javax-websocket-server-impl-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jmx" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jmx-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jmx-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jndi" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jndi-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jndi-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jsp" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jsp-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jsp-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jspc-maven-plugin" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jspc-maven-plugin-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jspc-maven-plugin-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-jstl" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-jstl-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-jstl-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-maven-plugin" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-maven-plugin-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-maven-plugin-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-nosql" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-nosql-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-nosql-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-osgi-alpn" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-osgi-alpn-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-osgi-alpn-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-osgi-boot" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-osgi-boot-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-osgi-boot-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-osgi-boot-jsp" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-osgi-boot-jsp-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-osgi-boot-jsp-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-osgi-boot-warurl" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-osgi-boot-warurl-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-osgi-boot-warurl-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-plus" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-plus-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-plus-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-project" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-project-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-project-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-proxy" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-proxy-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-proxy-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-quickstart" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-quickstart-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-quickstart-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-rewrite" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-rewrite-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-rewrite-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-security" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-security-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-security-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-server" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-server-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-server-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-servlet" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-servlet-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-servlet-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-servlets" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-servlets-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-servlets-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-spring" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-spring-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-spring-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-start" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-start-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-start-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-unixsocket" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-unixsocket-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-unixsocket-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-util" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-util-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-util-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-util-ajax" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-util-ajax-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-util-ajax-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-webapp" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-webapp-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-webapp-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-websocket-api" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-websocket-api-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-websocket-api-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-websocket-client" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-websocket-client-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-websocket-client-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-websocket-common" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-websocket-common-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-websocket-common-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-websocket-server" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-websocket-server-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-websocket-server-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-websocket-servlet" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-websocket-servlet-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-websocket-servlet-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jetty-xml" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jetty-xml-9.4.16-8.p01.ky11.noarch.rpm" version="9.4.16">
					<filename>jetty-xml-9.4.16-8.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202510-1087</id>
		<title>关于 openssh 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-10-21 12:50:17"/>
		<updated date="2025-10-27 15:41:18"/>
		<severity>Low</severity>
		<description>关于 openssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61984" id="CVE-2025-61984" severity="Low" severity_desc="低风险" title="OpenSSH（OpenBSD Secure Shell）是加拿大OpenBSD开源的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。
OpenSSH 10.1之前版本存在安全漏洞，该漏洞源于允许来自命令行和配置文件扩展的用户名包含控制字符，可能导致代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="openssh" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-9.6p1-5.p06.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-9.6p1-5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-askpass" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-askpass-9.6p1-5.p06.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-askpass-9.6p1-5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-clients" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-clients-9.6p1-5.p06.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-clients-9.6p1-5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openssh-help" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-help-9.6p1-5.p06.se.01.ky11.noarch.rpm" version="9.6p1">
					<filename>openssh-help-9.6p1-5.p06.se.01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-keycat" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-keycat-9.6p1-5.p06.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-keycat-9.6p1-5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-server" release="5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-server-9.6p1-5.p06.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-server-9.6p1-5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="pam_ssh_agent_auth" release="4.5.p06.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pam_ssh_agent_auth-0.10.4-4.5.p06.se.01.ky11.x86_64.rpm" version="0.10.4">
					<filename>pam_ssh_agent_auth-0.10.4-4.5.p06.se.01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202510-1099</id>
		<title>关于 redis 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-10-21 12:50:21"/>
		<updated date="2025-10-27 13:59:19"/>
		<severity>Critical</severity>
		<description>关于 redis 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-46817" id="CVE-2025-46817" severity="Important" severity_desc="高风险" title="Redis 是一个开源的内存数据库，支持数据持久化到磁盘。该漏洞存在于 Redis 的 Lua 脚本引擎中，允许经过身份验证的用户通过提交特制的 Lua 脚本触发整数溢出，进而可能引发远程代码执行。攻击者可利用此漏洞在目标系统上执行任意代码，完全控制受影响的服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-46818" id="CVE-2025-46818" severity="Moderate" severity_desc="中风险" title="Redis 是一个开源的内存数据库，支持持久化到磁盘。在 8.2.1 及更低版本中，经过身份验证的用户可以利用特制的 Lua 脚本操纵不同的 LUA 对象，从而可能在其他用户的上下文中执行自己的代码。该问题存在于所有支持 LUA 脚本的 Redis 版本中。此漏洞已在 8.2.2 版本中修复。一种无需更新 redis-server 可执行文件的缓解方法是通过 ACL 禁止用户执行 Lua 脚本，具体做法是限制 EVAL 和 FUNCTION 命令族的使用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-46819" id="CVE-2025-46819" severity="Moderate" severity_desc="中风险" title="Redis的Lua脚本执行功能存在越界读取漏洞，该漏洞源于在处理特制的Lua脚本时未能正确校验内存访问边界。可能导致攻击者读取进程内存中的越界数据或造成服务器崩溃，进而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-49844" id="CVE-2025-49844" severity="Critical" severity_desc="严重风险" title="Redis的Lua脚本功能存在释放后重用漏洞，该漏洞源于经过身份验证的用户可通过特制的Lua脚本操纵垃圾回收器，触发内存释放后的访问。可能导致远程代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="redis" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/redis-7.2.11-1.ky11.x86_64.rpm" version="7.2.11">
					<filename>redis-7.2.11-1.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202511-1078</id>
		<title>关于 openssl 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-11-14 11:17:00"/>
		<updated date="2025-11-18 09:16:26"/>
		<severity>Important</severity>
		<description>关于 openssl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9230" id="CVE-2025-9230" severity="Important" severity_desc="高风险" title="OpenSSL 存在一个与 CMS消息中基于密码的加密功能相关的内存安全漏洞，该漏洞可能导致越界读取和越界写入操作，从而引发拒绝服务" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="openssl" release="15.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-3.0.12-15.p09.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-3.0.12-15.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-devel" release="15.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-devel-3.0.12-15.p09.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-devel-3.0.12-15.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="openssl-help" release="15.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-help-3.0.12-15.p09.ky11.noarch.rpm" version="3.0.12">
					<filename>openssl-help-3.0.12-15.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-libs" release="15.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-libs-3.0.12-15.p09.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-libs-3.0.12-15.p09.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-perl" release="15.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-perl-3.0.12-15.p09.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-perl-3.0.12-15.p09.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202511-1103</id>
		<title>关于 openssh 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-11-18 12:50:10"/>
		<updated date="2025-11-24 10:26:08"/>
		<severity>Low</severity>
		<description>关于 openssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61985" id="CVE-2025-61985" severity="Low" severity_desc="低风险" title="OpenSSH 10.1之前版本的ssh组件在处理ssh:// URI时未正确过滤其中的'\0'字符，当使用ProxyCommand配置时，攻击者可利用该缺陷构造恶意URI触发非预期行为，可能导致任意代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="openssh" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-9.6p1-5.p07.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-9.6p1-5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-askpass" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-askpass-9.6p1-5.p07.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-askpass-9.6p1-5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-clients" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-clients-9.6p1-5.p07.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-clients-9.6p1-5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openssh-help" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-help-9.6p1-5.p07.se.01.ky11.noarch.rpm" version="9.6p1">
					<filename>openssh-help-9.6p1-5.p07.se.01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-keycat" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-keycat-9.6p1-5.p07.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-keycat-9.6p1-5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-server" release="5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-server-9.6p1-5.p07.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-server-9.6p1-5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="pam_ssh_agent_auth" release="4.5.p07.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pam_ssh_agent_auth-0.10.4-4.5.p07.se.01.ky11.x86_64.rpm" version="0.10.4">
					<filename>pam_ssh_agent_auth-0.10.4-4.5.p07.se.01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202601-1020</id>
		<title>关于 openvpn 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-01-09 14:16:45"/>
		<updated date="2026-01-12 14:41:54"/>
		<severity>Moderate</severity>
		<description>关于 openvpn 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13086" id="CVE-2025-13086" severity="Critical" severity_desc="严重风险" title="OpenVPN 存在HMAC验证逻辑漏洞。HMAC 验证检查：修复 memcmp() 调用错误。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13751" id="CVE-2025-13751" severity="Moderate" severity_desc="中风险" title="Windows 上的 OpenVPN 版本 2.5.0 至 2.7_rc2 中的交互式服务代理允许本地经过身份验证的用户连接到服务并触发错误，从而导致本地拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2704" id="CVE-2025-2704" severity="Important" severity_desc="高风险" title="OpenVPN服务器模式在TLS-crypt-v2功能中存在拒绝服务漏洞，该漏洞源于对早期握手阶段网络数据包的校验不充分（CWE-754：未对检查异常条件或意外条件进行正确检查）。远程攻击者可通过破坏并重放网络数据包，导致服务崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="openvpn" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvpn-2.6.9-6.p01.ky11.x86_64.rpm" version="2.6.9">
					<filename>openvpn-2.6.9-6.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvpn-devel" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvpn-devel-2.6.9-6.p01.ky11.x86_64.rpm" version="2.6.9">
					<filename>openvpn-devel-2.6.9-6.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openvpn-help" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvpn-help-2.6.9-6.p01.ky11.noarch.rpm" version="2.6.9">
					<filename>openvpn-help-2.6.9-6.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202601-1088</id>
		<title>关于 fluidsynth 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-01-27 12:50:12"/>
		<updated date="2026-02-02 11:09:01"/>
		<severity>Moderate</severity>
		<description>关于 fluidsynth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-56225" id="CVE-2025-56225" severity="Important" severity_desc="高风险" title="fluidsynth组件存在空指针解引用漏洞，该漏洞源于在fluid_synth_monopoly.c模块对MIDI文件的指针有效性未做验证，导致攻击者可通过上传构造的无效MIDI文件实现拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="fluidsynth" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/fluidsynth-2.3.4-2.ky11.x86_64.rpm" version="2.3.4">
					<filename>fluidsynth-2.3.4-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="fluidsynth-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/fluidsynth-devel-2.3.4-2.ky11.x86_64.rpm" version="2.3.4">
					<filename>fluidsynth-devel-2.3.4-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="fluidsynth-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/fluidsynth-help-2.3.4-2.ky11.x86_64.rpm" version="2.3.4">
					<filename>fluidsynth-help-2.3.4-2.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202602-1043</id>
		<title>关于 openssl 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-02-17 12:50:19"/>
		<updated date="2026-03-02 15:18:29"/>
		<severity>Important</severity>
		<description>关于 openssl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68160" id="CVE-2025-68160" severity="Moderate" severity_desc="中风险" title="OpenSSL的BIO_f_linebuffer行缓冲过滤器在处理包含大量无换行符数据且后续BIO执行短写入操作的BIO链时，存在堆越界写入漏洞。该漏洞源于对缓冲区边界校验不足，可能导致内存损坏，进而引发应用程序崩溃，造成拒绝服务。在OpenSSL命令行应用中，此过滤器通常仅在VMS系统上推送到stdout/stderr；第三方应用若显式使用此过滤器且攻击者可控制写入大量无换行符数据，则可能受影响，但实际攻击场景难以被攻击者控制，故评估为低严重性。OpenSSL 3.6、3.5、3.4、3.3、3.0、1.1.1和1.0.2版本受影响，FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69418" id="CVE-2025-69418" severity="Moderate" severity_desc="中风险" title="OpenSSL的硬件加速代码路径中的低级别OCB API（CRYPTO_ocb128_encrypt()和CRYPTO_ocb128_decrypt()函数）存在逻辑缺陷，该漏洞源于在处理长度非16字节倍数的输入时，函数在处理完完整的16字节块后未能正确更新输入/输出指针，导致后续的尾部处理代码重复处理缓冲区开头的数据，而实际尾部字节（1-15字节）未被加密和认证。这可能导致加密时消息尾部字节以明文形式泄露，且这些字节不受认证标签保护，攻击者能够读取或篡改这些字节而不被检测到。使用高级EVP接口或TLS的应用不受影响，仅直接影响调用低级别OCB函数的应用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69419" id="CVE-2025-69419" severity="Important" severity_desc="高风险" title="OpenSSL组件中的PKCS12_get_friendlyname()函数在处理恶意构造的PKCS#12文件时存在安全漏洞，该漏洞源于OPENSSL_uni2utf8()函数在将BMPString（UTF-16BE）转换为UTF-8的过程中，在第二遍转换时错误地将剩余源字节数作为目标缓冲区容量传递给UTF8_putc()函数。当遇到高于U+07FF的BMP码点时，UTF-8需要三个字节编码，但传递的容量可能仅为两个字节，导致UTF8_putc()返回-1，并被错误地加到输出长度中，使得长度变为负数，随后在负偏移处写入结尾NUL字节，造成堆外写入。攻击者可通过提供恶意PKCS#12文件触发此漏洞，可能导致内存损坏和拒绝服务（Denial of Service）。值得注意的是，FIPS模块不受此漏洞影响，而OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本均受影响，1.0.2版本则不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69420" id="CVE-2025-69420" severity="Important" severity_desc="高风险" title="OpenSSL的ossl_ess_get_signing_cert()和ossl_ess_get_signing_cert_v2()函数在验证时间戳响应（TimeStamp Response）时存在类型混淆漏洞，该漏洞源于在处理签名证书属性值时未对其ASN1_TYPE类型进行正确校验，导致直接以错误的类型访问ASN1_TYPE联合体成员。攻击者可以通过向调用TS_RESP_verify_response()函数的应用程序提供恶意构造的时间戳响应响应，触发无效或空指针解引用，从而导致应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69421" id="CVE-2025-69421" severity="Important" severity_desc="高风险" title="OpenSSL的PKCS12_item_decrypt_d2i_ex()函数在处理恶意构造的PKCS#12文件时存在空指针解引用漏洞。该漏洞源于该函数在被PKCS12_unpack_p7encdata()调用时，未对传入的oct参数进行空值校验便直接进行解引用操作。攻击者可以通过向应用程序提供特制的畸形PKCS#12文件，诱导程序触发崩溃，从而导致拒绝服务（DoS）。该漏洞仅限于可用性影响，无法用于获取权限或泄露敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22795" id="CVE-2026-22795" severity="Moderate" severity_desc="中风险" title="OpenSSL组件在处理畸形的PKCS#12文件时存在安全漏洞，该漏洞源于PKCS#12解析代码中存在类型混淆问题，在未验证类型的情况下访问了ASN1_TYPE联合体成员，导致无效指针读取。攻击者可构造恶意的PKCS#12文件，诱使应用程序处理该文件从而触发空指针或无效指针解引用，造成内存读取异常，最终导致应用程序崩溃，引发拒绝服务攻击。由于该漏洞需要用户或应用程序主动处理恶意文件，且PKCS#12文件通常用于存储受信任的私钥，因此实际利用难度较高。漏洞影响OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本，而OpenSSL 1.0.2及FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22796" id="CVE-2026-22796" severity="Moderate" severity_desc="中风险" title="OpenSSL的PKCS#7签名验证功能存在类型混淆漏洞，该漏洞源于`PKCS7_digest_from_attributes()`函数在处理签名的PKCS#7数据时，未验证ASN1_TYPE联合体成员的类型便直接访问，当处理畸形的PKCS#7数据时，可能导致解引用无效或空指针，从而引发应用程序崩溃并造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="openssl" release="15.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-3.0.12-15.p10.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-3.0.12-15.p10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-devel" release="15.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-devel-3.0.12-15.p10.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-devel-3.0.12-15.p10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="openssl-help" release="15.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-help-3.0.12-15.p10.ky11.noarch.rpm" version="3.0.12">
					<filename>openssl-help-3.0.12-15.p10.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-libs" release="15.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-libs-3.0.12-15.p10.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-libs-3.0.12-15.p10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="openssl-perl" release="15.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssl-perl-3.0.12-15.p10.ky11.x86_64.rpm" version="3.0.12">
					<filename>openssl-perl-3.0.12-15.p10.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1044</id>
		<title>关于 ffmpeg 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-17 12:50:07"/>
		<updated date="2026-03-23 15:37:23"/>
		<severity>Moderate</severity>
		<description>关于 ffmpeg 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-7700" id="CVE-2025-7700" severity="Moderate" severity_desc="中风险" title="FFmpeg的ALS音频解码器在处理特定格式错误的音频文件时存在空指针解引用漏洞，该漏洞源于程序未正确检查内存分配失败的情况。攻击者可通过诱导用户或系统处理特制的恶意音频文件，导致应用程序崩溃，从而造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="ffmpeg" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ffmpeg-6.1.1-24.ky11.x86_64.rpm" version="6.1.1">
					<filename>ffmpeg-6.1.1-24.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ffmpeg-devel" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ffmpeg-devel-6.1.1-24.ky11.x86_64.rpm" version="6.1.1">
					<filename>ffmpeg-devel-6.1.1-24.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ffmpeg-libs" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ffmpeg-libs-6.1.1-24.ky11.x86_64.rpm" version="6.1.1">
					<filename>ffmpeg-libs-6.1.1-24.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libavdevice" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libavdevice-6.1.1-24.ky11.x86_64.rpm" version="6.1.1">
					<filename>libavdevice-6.1.1-24.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1178</id>
		<title>关于 exiv2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-24 12:50:15"/>
		<updated date="2026-03-30 11:09:07"/>
		<severity>Important</severity>
		<description>关于 exiv2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25884" id="CVE-2026-25884" severity="Important" severity_desc="高风险" title="Exiv2是一个用于读取、写入、删除和修改图像元数据（如Exif、IPTC、XMP和ICC）的C++库及命令行工具。在0.28.8版本之前，其CRW图像解析器中存在一个越界读取漏洞。攻击者可通过构造恶意的图像文件触发该漏洞，可能导致信息泄露或程序崩溃（拒绝服务）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27596" id="CVE-2026-27596" severity="Important" severity_desc="高风险" title="Exiv2的预览组件存在越界读取漏洞，该漏洞源于对图像元数据处理时未正确校验边界，当用户通过命令行参数（如-pp）触发预览功能时，程序会尝试访问一个4GB偏移量的内存地址，导致越界读取，进而引发程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27631" id="CVE-2026-27631" severity="Moderate" severity_desc="中风险" title="Exiv2 是一个用于读取、写入、删除和修改图像元数据（如 Exif、IPTC、XMP 和 ICC）的 C++ 库及命令行工具。在 0.28.8 版本之前，Exiv2 的预览组件中存在一个未捕获的异常漏洞。当用户使用额外命令行参数（例如 -pp）运行 Exiv2 时会触发该漏洞。由于整数溢出问题，程序尝试创建一个巨大的 std::vector，从而引发未捕获的异常并导致程序崩溃。攻击者可利用此漏洞通过构造恶意图像文件或命令行参数造成拒绝服务（DoS）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="exiv2" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/exiv2-0.28.2-8.ky11.x86_64.rpm" version="0.28.2">
					<filename>exiv2-0.28.2-8.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="exiv2-devel" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/exiv2-devel-0.28.2-8.ky11.x86_64.rpm" version="0.28.2">
					<filename>exiv2-devel-0.28.2-8.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="exiv2-help" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/exiv2-help-0.28.2-8.ky11.noarch.rpm" version="0.28.2">
					<filename>exiv2-help-0.28.2-8.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1218</id>
		<title>关于 gnupg2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-31 12:50:15"/>
		<updated date="2026-04-07 10:00:55"/>
		<severity>Important</severity>
		<description>关于 gnupg2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68973" id="CVE-2025-68973" severity="Important" severity_desc="高风险" title="GNUPG 2.4.8及之前版本存在安全漏洞，该漏洞源于armor_filter中索引变量增量错误，可能导致越界写入。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24882" id="CVE-2026-24882" severity="Important" severity_desc="高风险" title="GnuPG 2.5.17之前版本中的tpm2daemon组件在处理TPM支持的RSA和ECC密钥的PKDECRYPT命令时存在栈缓冲区溢出漏洞。攻击者可通过本地访问并发送特制的解密请求来触发该漏洞，可能导致任意代码执行、信息泄露或系统崩溃（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="gnupg2" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnupg2-2.4.3-15.ky11.x86_64.rpm" version="2.4.3">
					<filename>gnupg2-2.4.3-15.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gnupg2-help" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnupg2-help-2.4.3-15.ky11.noarch.rpm" version="2.4.3">
					<filename>gnupg2-help-2.4.3-15.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1230</id>
		<title>关于 libexif 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-31 12:50:29"/>
		<updated date="2026-04-07 09:54:48"/>
		<severity>Important</severity>
		<description>关于 libexif 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32775" id="CVE-2026-32775" severity="Important" severity_desc="高风险" title="libexif库的exif_mnote_data_get_value函数在处理MakerNotes解码时存在整数下溢漏洞，该漏洞源于当传入的缓冲区大小为0时，函数内部发生整数下溢，导致传入的缓冲区被覆盖。可能导致任意代码执行或应用程序崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libexif" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libexif-0.6.24-2.ky11.x86_64.rpm" version="0.6.24">
					<filename>libexif-0.6.24-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libexif-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libexif-devel-0.6.24-2.ky11.x86_64.rpm" version="0.6.24">
					<filename>libexif-devel-0.6.24-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libexif-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libexif-help-0.6.24-2.ky11.noarch.rpm" version="0.6.24">
					<filename>libexif-help-0.6.24-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1238</id>
		<title>关于 microcode_ctl 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-31 12:50:37"/>
		<updated date="2026-04-07 09:52:31"/>
		<severity>Important</severity>
		<description>关于 microcode_ctl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-20053" id="CVE-2025-20053" severity="Important" severity_desc="高风险" title="Intel Xeon处理器固件的SGX（软件防护扩展）功能存在缓冲区限制不当漏洞，该漏洞源于对缓冲区操作的限制不足。可能导致拥有本地访问权限的特权用户利用此漏洞提升权限，从而可能获取对系统资源的更高访问权限。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-20109" id="CVE-2025-20109" severity="Important" severity_desc="高风险" title="部分Intel(R)处理器的流缓存机制存在隔离不当漏洞，该漏洞源于处理器硬件层面的隔离或分区机制存在缺陷。可能导致本地已认证用户通过本地访问权限，潜在实现权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-21090" id="CVE-2025-21090" severity="Moderate" severity_desc="中风险" title="Intel Xeon Processors存在安全漏洞，该漏洞源于缺少资源引用，可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-22839" id="CVE-2025-22839" severity="Important" severity_desc="高风险" title="部分Intel Xeon 6可扩展处理器在带外管理服务模块（OOB-MSM）中存在访问控制粒度不足的问题，攻击者可能利用该漏洞通过相邻访问的方式实现权限提升。该漏洞需要攻击者具备一定特权身份才能利用，但成功利用后可能导致更高权限的系统资源访问能力。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-22840" id="CVE-2025-22840" severity="Important" severity_desc="高风险" title="部分Intel Xeon 6可扩展处理器在处理特定指令序列时存在设计缺陷，导致出现异常行为。经过身份验证的本地攻击者可能利用该问题提升自身权限，从而获取更高的系统访问权限。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-22889" id="CVE-2025-22889" severity="Important" severity_desc="高风险" title="部分搭载Intel® Trust Domain Extensions (TDX)技术的Intel® Xeon® 6处理器在处理受保护内存区域重叠时存在缺陷，该漏洞源于对内存范围的保护机制未能正确实施隔离控制。具备本地访问权限的高权限攻击者可利用此漏洞实现权限提升，从而获得更高的系统控制权。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-24305" id="CVE-2025-24305" severity="Important" severity_desc="高风险" title="同该漏洞源于控制流管理不足，可能导致权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-26403" id="CVE-2025-26403" severity="Moderate" severity_desc="中风险" title="部分Intel® Xeon® 6处理器在使用Intel® SGX或Intel® TDX技术时，其内存子系统存在越界写入缺陷。该漏洞源于对内存访问边界检查不足，导致特权用户可能通过本地访问利用此问题，从而实现权限提升。攻击者可借助此漏洞从低权限账户获取更高系统权限，进而控制受影响系统。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-31648" id="CVE-2025-31648" severity="Low" severity_desc="低风险" title="某些 Intel® 处理器系列的微代码流程中值处理不当可能导致权限提升。启动代码和具有特权用户的 SMM 攻击者结合高复杂度的攻击，可能实现权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-32086" id="CVE-2025-32086" severity="Important" severity_desc="高风险" title="Intel Xeon 6处理器在DDRIO配置中存在权限提升漏洞，该漏洞源于在使用Intel SGX或TDX时未正确实施安全检查，导致特权用户通过本地访问实现权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="microcode_ctl" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/microcode_ctl-20260210.1-1.ky11.x86_64.rpm" version="20260210.1">
					<filename>microcode_ctl-20260210.1-1.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1252</id>
		<title>关于 zlib 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-03-31 12:50:53"/>
		<updated date="2026-04-07 09:22:50"/>
		<severity>Low</severity>
		<description>关于 zlib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27171" id="CVE-2026-27171" severity="Low" severity_desc="低风险" title="zlib 1.3.2之前版本存在CPU资源消耗漏洞。该漏洞源于在crc32_combine64和crc32_combine_gen64函数中，内部函数x2nmodp在循环中执行右移操作时缺少终止条件，导致攻击者可通过调用这些函数触发无限循环，从而造成CPU资源耗尽，引发拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="minizip" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/minizip-1.2.13-5.ky11.x86_64.rpm" version="1.2.13">
					<filename>minizip-1.2.13-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="minizip-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/minizip-devel-1.2.13-5.ky11.x86_64.rpm" version="1.2.13">
					<filename>minizip-devel-1.2.13-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="zlib" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/zlib-1.2.13-5.ky11.x86_64.rpm" version="1.2.13">
					<filename>zlib-1.2.13-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="zlib-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/zlib-devel-1.2.13-5.ky11.x86_64.rpm" version="1.2.13">
					<filename>zlib-devel-1.2.13-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="zlib-help" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/zlib-help-1.2.13-5.ky11.noarch.rpm" version="1.2.13">
					<filename>zlib-help-1.2.13-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1029</id>
		<title>关于 git 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-07 12:50:23"/>
		<updated date="2026-04-13 11:23:17"/>
		<severity>Important</severity>
		<description>关于 git 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-66413" id="CVE-2025-66413" severity="Important" severity_desc="高风险" title="Git for Windows的Git克隆功能存在信息泄露漏洞，该漏洞源于未对克隆来源服务器进行充分的安全校验。当用户从恶意服务器克隆代码库时，攻击者可能获取用户的NTLM哈希值。由于NTLM哈希算法强度较弱，攻击者可通过暴力破解方式获取用户的账户名和密码，导致用户凭证信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="git" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-2.43.0-11.ky11.x86_64.rpm" version="2.43.0">
					<filename>git-2.43.0-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="git-core" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-core-2.43.0-11.ky11.x86_64.rpm" version="2.43.0">
					<filename>git-core-2.43.0-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="git-daemon" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-daemon-2.43.0-11.ky11.x86_64.rpm" version="2.43.0">
					<filename>git-daemon-2.43.0-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-email" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-email-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-email-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-gui" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-gui-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-gui-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-help" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-help-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-help-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gitk" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gitk-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>gitk-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-svn" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-svn-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-svn-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-web" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/git-web-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-web-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="perl-Git" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perl-Git-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>perl-Git-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="perl-Git-SVN" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perl-Git-SVN-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>perl-Git-SVN-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1040</id>
		<title>关于 libarchive 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-07 12:50:28"/>
		<updated date="2026-04-13 11:22:03"/>
		<severity>Important</severity>
		<description>关于 libarchive 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4111" id="CVE-2026-4111" severity="Important" severity_desc="高风险" title="libarchive库中的RAR5归档解压缩逻辑存在安全漏洞，具体位于archive_read_data()函数中，当处理特制的RAR5归档文件时，解压缩例程可能进入无法继续向前处理的状态，触发无限循环并持续消耗资源，从而导致拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bsdcat" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdcat-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdcat-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdcpio" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdcpio-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdcpio-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdtar" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdtar-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdtar-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdunzip" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdunzip-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdunzip-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libarchive" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>libarchive-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libarchive-devel" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-devel-3.7.1-10.ky11.x86_64.rpm" version="3.7.1">
					<filename>libarchive-devel-3.7.1-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libarchive-help" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-help-3.7.1-10.ky11.noarch.rpm" version="3.7.1">
					<filename>libarchive-help-3.7.1-10.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1050</id>
		<title>关于 pyOpenSSL 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-07 12:50:35"/>
		<updated date="2026-04-13 10:31:09"/>
		<severity>Important</severity>
		<description>关于 pyOpenSSL 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27448" id="CVE-2026-27448" severity="Moderate" severity_desc="中风险" title="pyOpenSSL的set_tlsext_servername_callback回调函数存在安全特性绕过漏洞，该漏洞源于当用户提供的回调函数抛出未处理异常时，程序会错误地接受连接而非拒绝连接。如果用户依赖此回调函数执行任何安全敏感行为，可能导致安全策略被绕过，使得未经授权的连接被接受。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27459" id="CVE-2026-27459" severity="Critical" severity_desc="严重风险" title="pyOpenSSL 的 `set_cookie_generate_callback` 函数回调机制存在缓冲区溢出漏洞，该漏洞源于当用户提供的回调函数返回的 cookie 值长度超过 256 字节时，pyOpenSSL 会溢出 OpenSSL 提供的固定长度缓冲区。可能导致远程攻击者通过发送特制的 DTLS 数据包，执行任意代码或导致服务崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="pyOpenSSL-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pyOpenSSL-help-24.0.0-3.ky11.noarch.rpm" version="24.0.0">
					<filename>pyOpenSSL-help-24.0.0-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-pyOpenSSL" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-pyOpenSSL-24.0.0-3.ky11.noarch.rpm" version="24.0.0">
					<filename>python3-pyOpenSSL-24.0.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1057</id>
		<title>关于 python-pip 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-07 12:50:41"/>
		<updated date="2026-04-13 10:25:56"/>
		<severity>Important</severity>
		<description>关于 python-pip 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-66418" id="CVE-2025-66418" severity="Important" severity_desc="高风险" title="urllib3组件在处理HTTP响应解压缩功能中存在安全漏洞，该漏洞源于对解压缩链中的链接数量未进行限制，导致攻击者可通过发送多层压缩数据包引发CPU资源耗尽和内存分配激增，最终导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1703" id="CVE-2026-1703" severity="Low" severity_desc="低风险" title="pip的wheel归档文件安装与解压模块存在路径穿越漏洞，该漏洞源于程序在处理恶意构造的wheel归档文件时，未能正确校验或过滤文件名中的路径序列。攻击者可通过构造包含特定路径偏移的wheel文件，诱导系统将文件提取至安装目录之外的特定位置。由于路径穿越被限制在安装目录的前缀范围内，在常规环境下通常无法直接注入或覆盖核心可执行文件，但仍可能导致非预期的文件写入。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-21441" id="CVE-2026-21441" severity="Important" severity_desc="高风险" title="urllib3 2.6.3之前版本存在安全漏洞，该漏洞源于处理HTTP重定向响应时未限制解压缩数据量，可能导致资源消耗过多。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="python3-pip" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-pip-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python3-pip-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pip-help" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-pip-help-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python-pip-help-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pip-wheel" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-pip-wheel-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python-pip-wheel-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1083</id>
		<title>关于 freetype 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-14 12:50:11"/>
		<updated date="2026-04-20 13:41:44"/>
		<severity>Moderate</severity>
		<description>关于 freetype 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23865" id="CVE-2026-23865" severity="Moderate" severity_desc="中风险" title="Freetype库的tt_var_load_item_variation_store函数存在整型溢出漏洞，该漏洞源于在处理OpenType可变字体中的HVAR/VVAR/MVAR表时，未正确校验数据长度，导致可能发生越界读取操作。攻击者可通过诱导用户解析特制的字体文件，利用此漏洞造成信息泄露或系统异常。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="freetype" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/freetype-2.13.2-5.ky11.x86_64.rpm" version="2.13.2">
					<filename>freetype-2.13.2-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="freetype-demos" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/freetype-demos-2.13.2-5.ky11.x86_64.rpm" version="2.13.2">
					<filename>freetype-demos-2.13.2-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="freetype-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/freetype-devel-2.13.2-5.ky11.x86_64.rpm" version="2.13.2">
					<filename>freetype-devel-2.13.2-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="freetype-help" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/freetype-help-2.13.2-5.ky11.noarch.rpm" version="2.13.2">
					<filename>freetype-help-2.13.2-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1102</id>
		<title>关于 openldap 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-14 12:50:19"/>
		<updated date="2026-04-20 12:59:59"/>
		<severity>Moderate</severity>
		<description>关于 openldap 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22185" id="CVE-2026-22185" severity="Moderate" severity_desc="中风险" title="OpenLDAP Lightning Memory-Mapped Database (LMDB) 0.9.14 及更早版本的 mdb_load 工具存在安全漏洞，该漏洞源于 readline() 函数在处理包含嵌入空字节的畸形输入时，无符号偏移量计算发生下溢。攻击者可通过构造恶意输入文件触发越界读取，导致程序崩溃（拒绝服务）或有限堆内存内容泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="openldap" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openldap-2.6.5-7.ky11.x86_64.rpm" version="2.6.5">
					<filename>openldap-2.6.5-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openldap-clients" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openldap-clients-2.6.5-7.ky11.x86_64.rpm" version="2.6.5">
					<filename>openldap-clients-2.6.5-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openldap-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openldap-devel-2.6.5-7.ky11.x86_64.rpm" version="2.6.5">
					<filename>openldap-devel-2.6.5-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openldap-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openldap-help-2.6.5-7.ky11.noarch.rpm" version="2.6.5">
					<filename>openldap-help-2.6.5-7.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openldap-servers" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openldap-servers-2.6.5-7.ky11.x86_64.rpm" version="2.6.5">
					<filename>openldap-servers-2.6.5-7.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1115</id>
		<title>关于 qt5-qtimageformats 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-14 12:50:24"/>
		<updated date="2026-04-20 13:15:45"/>
		<severity>Important</severity>
		<description>关于 qt5-qtimageformats 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5683" id="CVE-2025-5683" severity="Moderate" severity_desc="中风险" title="Qt 的 QImage 组件在加载特制的 ICNS 格式图像文件时存在资源分配不当漏洞，该漏洞源于未正确限制资源分配或初始化，导致在处理畸形文件时触发崩溃。可能导致拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="qt5-qtimageformats" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/qt5-qtimageformats-5.15.10-2.ky11.x86_64.rpm" version="5.15.10">
					<filename>qt5-qtimageformats-5.15.10-2.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1128</id>
		<title>关于 libkysdk-base 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-21 12:50:12"/>
		<updated date="2026-04-27 10:01:02"/>
		<severity>Important</severity>
		<description>关于 libkysdk-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0403" id="KVE-2026-0403" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在并发操作处理不当漏洞，该漏洞源于在执行检查与实施操作之间存在可被利用的时间间隙，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libkysdk-base" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-base-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-basecommon" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-basecommon-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-basecommon-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-base-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-base-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2-tools" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-tools-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-tools-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-config" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-config-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-config-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-config-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-diagnostics" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-diagnostics-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-diagnostics-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-diagnostics-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-gsetting" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-gsetting-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-gsetting-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-gsetting-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-log" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-log-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-log-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-log-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-timer" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-timer-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-timer-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-timer-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-utils" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-utils-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-utils-devel" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-utils-devel-2.5.1.0-1.p07.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-devel-2.5.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1131</id>
		<title>关于 libssh 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-21 12:50:15"/>
		<updated date="2026-04-27 10:01:20"/>
		<severity>Important</severity>
		<description>关于 libssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0964" id="CVE-2026-0964" severity="Moderate" severity_desc="中风险" title="libssh的SCP客户端功能存在路径遍历漏洞，该漏洞源于未正确校验SCP服务器返回的文件路径。恶意的SCP服务器可以发送非预期的路径，导致客户端应用程序将文件覆盖到工作目录之外的位置。此漏洞可能被利用来创建恶意的可执行文件或配置文件，并在特定条件下诱使用户执行这些文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0965" id="CVE-2026-0965" severity="Low" severity_desc="低风险" title="libssh 库在解析配置文件时存在安全漏洞，当配置不当或本地攻击者提供恶意配置文件时，程序可能会尝试打开任意文件。该漏洞影响通过默认路径加载的配置、使用 ssh_config_parse_file() 和 ssh_bind_config_parse_file() 函数加载的配置，以及通过 glob 通配符包含的配置文件。危险文件包括块设备、FIFO、命名管道或大型系统文件，可能导致拒绝服务。解决方案是限制只读取常规文件，并设置配置文件大小上限为 16MB。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0966" id="CVE-2026-0966" severity="Low" severity_desc="低风险" title="libssh组件存在缓冲区溢出漏洞，该漏洞源于在处理输入数据时未正确验证输入缓冲区与输出缓冲区的大小关系，导致攻击者可能通过构造恶意输入触发缓冲区溢出，进而导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0967" id="CVE-2026-0967" severity="Low" severity_desc="低风险" title="libssh 客户端与服务器组件在处理配置文件（如客户端配置或 known_hosts）中的模式匹配逻辑时存在拒绝服务漏洞。该漏洞源于 match_pattern() 函数在执行正则表达式或通配符匹配时算法实现不够稳健，导致在处理经过特殊构造的复杂模式时会产生效率极低的回溯行为。如果攻击者能够控制配置文件或诱导受害者连接到特定的主机名，将触发严重的计算资源枯竭和超时，从而导致程序停止响应。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0968" id="CVE-2026-0968" severity="Important" severity_desc="高风险" title="libssh 组件存在拒绝服务漏洞，该漏洞源于在处理畸形的 SFTP 消息时未能正确验证输入，攻击者可构造恶意的 SFTP 消息触发该漏洞，从而导致服务异常终止或资源耗尽，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3731" id="CVE-2026-3731" severity="Moderate" severity_desc="中风险" title="libssh的SFTP扩展名称处理模块中的sftp_extensions_get_name/sftp_extensions_get_data函数存在越界读取漏洞，该漏洞源于对参数idx的操纵未进行有效边界检查。攻击者可通过远程方式利用此漏洞，导致越界读取，可能造成信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libssh" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh-0.10.5-10.ky11.x86_64.rpm" version="0.10.5">
					<filename>libssh-0.10.5-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libssh-devel" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh-devel-0.10.5-10.ky11.x86_64.rpm" version="0.10.5">
					<filename>libssh-devel-0.10.5-10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libssh-help" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh-help-0.10.5-10.ky11.noarch.rpm" version="0.10.5">
					<filename>libssh-help-0.10.5-10.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1155</id>
		<title>关于 python-tornado 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-21 12:50:25"/>
		<updated date="2026-04-27 09:44:50"/>
		<severity>Important</severity>
		<description>关于 python-tornado 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31958" id="CVE-2026-31958" severity="Important" severity_desc="高风险" title="Tornado是中国龙卷风科技（Tornado）社区的一个Python Web框架和异步网络库。该库通过使用非阻塞网络I / O，可以扩展到成千上万的开放连接，使其非常适合 长时间轮询， WebSocket和其他需要与每个用户建立长期连接的应用程序。
Tornado 6.5.5之前版本存在资源管理错误漏洞，该漏洞源于解析多部分表单数据时缺少部分数量限制，可能导致拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="python3-tornado" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-tornado-6.5-4.ky11.x86_64.rpm" version="6.5">
					<filename>python3-tornado-6.5-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python-tornado-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-tornado-help-6.5-4.ky11.x86_64.rpm" version="6.5">
					<filename>python-tornado-help-6.5-4.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1182</id>
		<title>关于 strongswan 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-04-21 18:50:10"/>
		<updated date="2026-04-27 09:33:24"/>
		<severity>Important</severity>
		<description>关于 strongswan 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25075" id="CVE-2026-25075" severity="Important" severity_desc="高风险" title="strongSwan 6.0.5之前版本存在整数溢出漏洞，该漏洞源于EAP-TTLS AVP解析器存在整数下溢，可能导致未经身份验证的远程攻击者通过发送具有无效长度字段的特制AVP数据来造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="strongswan" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/strongswan-5.9.10-4.p04.ky11.x86_64.rpm" version="5.9.10">
					<filename>strongswan-5.9.10-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="strongswan-charon-nm" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/strongswan-charon-nm-5.9.10-4.p04.ky11.x86_64.rpm" version="5.9.10">
					<filename>strongswan-charon-nm-5.9.10-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="strongswan-libipsec" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/strongswan-libipsec-5.9.10-4.p04.ky11.x86_64.rpm" version="5.9.10">
					<filename>strongswan-libipsec-5.9.10-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="strongswan-sqlite" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/strongswan-sqlite-5.9.10-4.p04.ky11.x86_64.rpm" version="5.9.10">
					<filename>strongswan-sqlite-5.9.10-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="strongswan-tnc-imcvs" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/strongswan-tnc-imcvs-5.9.10-4.p04.ky11.x86_64.rpm" version="5.9.10">
					<filename>strongswan-tnc-imcvs-5.9.10-4.p04.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1001</id>
		<title>关于 assimp 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:27"/>
		<updated date="2026-05-11 17:04:48"/>
		<severity>Moderate</severity>
		<description>关于 assimp 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11277" id="CVE-2025-11277" severity="Moderate" severity_desc="中风险" title="Assimp 6.0.2版本中的Q3D加载模块存在安全漏洞，具体位于文件assimp/code/AssetLib/Q3D/Q3DLoader.cpp中的Q3DImporter::InternReadFile函数。该漏洞源于在处理特定文件时未正确验证输入数据，导致发生堆缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2152" id="CVE-2025-2152" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的文件处理组件BaseImporter.cpp存在安全漏洞，具体影响函数Assimp::BaseImporter::ConvertToUTF8。该漏洞源于在处理特定输入时未正确验证数据长度，导致发生堆缓冲区溢出。攻击者可利用此漏洞通过远程方式发送恶意构造的数据来触发缓冲区溢出，可能造成应用程序崩溃或任意代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2751" id="CVE-2025-2751" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的CSM文件处理器存在安全漏洞，具体位于code/AssetLib/CSM/CSMLoader.cpp文件的Assimp::CSMImporter::InternReadFile函数中。该漏洞是由于对参数na处理不当导致越界读取，攻击者可远程发起攻击，利用此漏洞可能造成信息泄露或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3158" id="CVE-2025-3158" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3 版本的 LWO File Handler 组件存在堆缓冲区溢出漏洞。该漏洞位于 code/AssetLib/LWO/LWOAnimation.cpp 文件的 Assimp::LWO::AnimResolver::UpdateAnimRangeSetup 函数中。攻击者可以通过诱导受害者加载特制的恶意 LWO 文件，利用受损的内存分配或边界检查逻辑，在本地主机上触发堆内存越界写入。该漏洞可能导致程序崩溃、任意代码执行或本地提权。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3196" id="CVE-2025-3196" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library Assimp组件的File Handler模块中的aiString::Set函数存在堆缓冲区溢出漏洞，该漏洞源于程序未正确验证输入数据长度或边界条件。可能导致执行任意代码或应用程序崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="assimp" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/assimp-5.3.1-17.ky11.x86_64.rpm" version="5.3.1">
					<filename>assimp-5.3.1-17.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="assimp-devel" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/assimp-devel-5.3.1-17.ky11.x86_64.rpm" version="5.3.1">
					<filename>assimp-devel-5.3.1-17.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="assimp-help" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/assimp-help-5.3.1-17.ky11.noarch.rpm" version="5.3.1">
					<filename>assimp-help-5.3.1-17.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-assimp" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-assimp-5.3.1-17.ky11.noarch.rpm" version="5.3.1">
					<filename>python3-assimp-5.3.1-17.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1002</id>
		<title>关于 engrampa 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:38"/>
		<updated date="2026-05-06 10:37:31"/>
		<severity>Important</severity>
		<description>关于 engrampa 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-52138" id="CVE-2023-52138" severity="Important" severity_desc="高风险" title="Engrampa 是MATE桌面环境下的归档管理器。该组件在处理CPIO归档文件时存在路径遍历漏洞，攻击者可利用此漏洞实现远程命令执行（RCE）。具体而言，在解压过程中，Engrampa默认会跟随存储的符号链接（symlink），而不会检查符号链接指向的位置，从而导致任意文件被写入到非预期目录中。当用户提取恶意构造的CPIO或ISO归档文件时，攻击者即可在目标系统上执行任意命令。该漏洞已在提交63d5dfa中修复。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-7216" id="CVE-2023-7216" severity="Moderate" severity_desc="中风险" title="cpio存在后置链接漏洞，该漏洞源于存在路径遍历，允许未经身份验证的远程攻击者诱骗用户打开特制的存档，然后在目标系统上运行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="engrampa" release="1.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/engrampa-1.26.2-1.p03.ky11.x86_64.rpm" version="1.26.2">
					<filename>engrampa-1.26.2-1.p03.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1007</id>
		<title>关于 golang 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:40"/>
		<updated date="2026-05-06 10:38:51"/>
		<severity>Important</severity>
		<description>关于 golang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-47912" id="CVE-2025-47912" severity="Moderate" severity_desc="中风险" title="Google Go存在安全漏洞，该漏洞源于Parse函数未正确验证URL主机组件中方括号内的IPv6地址格式，可能导致非IPv6地址被错误解析。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-58186" id="CVE-2025-58186" severity="Important" severity_desc="高风险" title="该漏洞源于Go语言标准库中的net/http包在解析HTTP头部时，对Cookie数量未设置上限。尽管HTTP头部有默认1MB的限制，但解析的cookie数量没有限制。通过发送大量非常小的cookie（例如'a=;'），攻击者可以使HTTP服务器分配大量结构体，从而导致内存消耗过大。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61726" id="CVE-2025-61726" severity="Important" severity_desc="高风险" title="Go语言net/url包中的查询参数解析功能存在资源分配无限制导致内存耗尽漏洞，该漏洞源于未对URL查询参数的数量设置限制。当使用net/http.Request.ParseForm方法解析包含大量唯一查询参数的大型URL编码表单时，可能导致过度的内存消耗，进而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61727" id="CVE-2025-61727" severity="Moderate" severity_desc="中风险" title="Go crypto/x509组件存在安全漏洞，该漏洞源于证书链中的排除子域约束未正确限制叶证书中通配符SAN的使用，导致攻击者可构造证书绕过安全限制，实施中间人攻击或访问受限资源。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61728" id="CVE-2025-61728" severity="Moderate" severity_desc="中风险" title="Golang 标准库 archive/zip 在解析 ZIP 归档文件时存在拒绝服务漏洞，该漏洞源于程序在首次打开归档内文件时使用了超线性（super-linear）复杂度的文件名索引算法。可能导致攻击者通过构造恶意的 ZIP 归档文件消耗大量 CPU 资源，导致应用程序挂起或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61729" id="CVE-2025-61729" severity="Important" severity_desc="高风险" title="Google Go存在资源消耗漏洞，该漏洞源于包crypto/x509中的HostnameError.Error函数构造错误字符串时未限制主机数量，可能导致资源过度消耗。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61732" id="CVE-2025-61732" severity="Important" severity_desc="高风险" title="Go cgo存在代码注入漏洞，该漏洞源于对注释解析逻辑不一致，导致攻击者可将恶意代码走私到生成的cgo二进制文件中。攻击者利用此漏洞可能实现任意代码执行，从而完全控制受影响系统。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68119" id="CVE-2025-68119" severity="Important" severity_desc="高风险" title="Go工具链恶意版本字符串处理不当导致代码执行漏洞。Go工具链在通过外部版本控制系统（如Mercurial、Git）下载和构建模块时，对恶意版本字符串的校验与处理存在缺陷。当系统安装了Mercurial（hg）时，从非标准源（如自定义域名）下载模块可能导致意外代码执行；当系统安装了Git时，提供恶意版本字符串可允许攻击者向文件系统任意位置写入文件。该漏洞需要用户显式提供恶意版本字符串，不会影响@latest或裸模块路径的使用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68121" id="CVE-2025-68121" severity="Important" severity_desc="高风险" title="Go语言标准库的crypto/tls模块存在安全漏洞，该漏洞源于Config.Clone方法错误复制自动生成的会话票据密钥，且会话恢复过程中未验证完整证书链的过期状态。攻击者可利用过期证书链建立加密通道，导致敏感信息泄露或证书伪造。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25679" id="CVE-2026-25679" severity="Important" severity_desc="高风险" title="Go语言标准库中的net/url包在解析URL时，对主机/授权组件的验证不充分，接受了某些无效的URL格式。具体而言，当IPv6字面量未出现在主机部分起始位置时，url.Parse函数未能正确拒绝包含垃圾数据前缀的IP字面量，导致可能引发程序异常或资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27139" id="CVE-2026-27139" severity="Low" severity_desc="低风险" title="Go语言的`File.ReadDir`或`File.Readdir`函数在Unix平台上存在目录遍历漏洞，该漏洞源于在列出已打开根目录下的文件时，返回的`FileInfo`对象可能引用根目录之外的文件。攻击者可利用此漏洞绕过预期的目录限制，读取文件系统上任意位置的元数据（通过`lstat`获取），但无法读取或写入根目录之外的文件内容。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27142" id="CVE-2026-27142" severity="Moderate" severity_desc="中风险" title="Go语言标准库html/template包在将URL插入HTML meta标签的content属性时，未对相关操作进行转义处理。当该meta标签同时包含值为“refresh”的http-equiv属性时，此缺陷可导致跨站脚本攻击。为此新增了一个GODEBUG设置项htmlmetacontenturlescape，通过设置htmlmetacontenturlescape=0可禁用对meta content属性中“url=”后URL操作的转义。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="golang" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-1.21.4-44.p01.ky11.x86_64.rpm" version="1.21.4">
					<filename>golang-1.21.4-44.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="golang-devel" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-devel-1.21.4-44.p01.ky11.x86_64.rpm" version="1.21.4">
					<filename>golang-devel-1.21.4-44.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="golang-help" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-help-1.21.4-44.p01.ky11.noarch.rpm" version="1.21.4">
					<filename>golang-help-1.21.4-44.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1018</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:47"/>
		<updated date="2026-05-03 16:34:47"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23060" id="CVE-2026-23060" severity="Moderate" severity_desc="中风险" title="Linux内核的加密模块authencesn在处理ESP/ESN格式的AAD（附加认证数据）时存在安全漏洞。当传入的assoclen参数小于8字节时，crypto_authenc_esn_decrypt()函数会越界访问目标scatterlist，导致scatterwalk_map_and_copy()函数中发生空指针解引用，从而引发内核恐慌（Kernel Panic），造成系统拒绝服务（DoS）。攻击者可利用该漏洞通过构造恶意的加密请求导致系统崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31431" id="CVE-2026-31431" severity="Important" severity_desc="高风险" title="Linux Kernel algif_aead 模块（AF_ALG 用户态加密 API 的 AEAD 接口）存在本地提权漏洞，该漏洞源于 2017 年引入的一项 in-place 优化（commit 72548b093ee3），由于源数据与目标数据来自不同的内存映射，in-place 操作会将 page-cache 页面错误地放入可写目的地的 scatterlist 中，未授权的本地攻击者可通过 splice() 将 SUID 二进制文件的页缓存页面与 AF_ALG socket 加密操作串联，实现对任意页缓存页面的可控 4 字节写入，从而篡改已加载到内存中的 SUID 程序代码，最终获取 root 权限。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43033" id="CVE-2026-43033" severity="Important" severity_desc="高风险" title="在 Linux 内核中，已修复以下漏洞：crypto: authencesn - 在非原地解密时，不要将 hiseq 放在目标缓冲区的末尾。在解密非原地数据（源地址 != 目标地址）时，无需将高位序列位保存到目标缓冲区，因为可以直接从源地址重新复制。但是，需要相应地重新排列要进行哈希处理的数据。感谢！" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bpftool" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bpftool-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>bpftool-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-abi-stablelists-6.6.0-32.14.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-32.14.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-core" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-core-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-cross-headers" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel-matched" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-matched-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-doc-6.6.0-32.14.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-32.14.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-headers" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-headers-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-ipaclones-internal" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-ipaclones-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-extra" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-internal" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-selftests-internal" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-selftests-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs-devel" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="perf" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perf-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-perf" release="32.14.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-perf-6.6.0-32.14.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-32.14.v2505.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1024</id>
		<title>关于 libtpms 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:49"/>
		<updated date="2026-05-06 10:52:30"/>
		<severity>Moderate</severity>
		<description>关于 libtpms 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-49133" id="CVE-2025-49133" severity="Moderate" severity_desc="中风险" title="libtpms的CryptHmacSign函数存在越界读取漏洞，该漏洞源于signKey与signScheme参数配对不一致，当signKey为ALG_KEYEDHASH密钥而inScheme为ECC或RSA方案时，CryptHmacSign函数会触发越界读取。攻击者可通过向基于受影响TCG参考实现的TPM 2.0/vTPM（swtpm）固件发送恶意命令触发此漏洞，导致libtpms因检测到越界访问而异常终止，进而使vTPM（swtpm）对虚拟机不可用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libtpms" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtpms-0.9.5-4.p02.ky11.x86_64.rpm" version="0.9.5">
					<filename>libtpms-0.9.5-4.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libtpms-devel" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtpms-devel-0.9.5-4.p02.ky11.x86_64.rpm" version="0.9.5">
					<filename>libtpms-devel-0.9.5-4.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1025</id>
		<title>关于 openssh 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:50"/>
		<updated date="2026-05-06 10:52:47"/>
		<severity>Important</severity>
		<description>关于 openssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3497" id="CVE-2026-3497" severity="Moderate" severity_desc="中风险" title="OpenSSH组件在多个Linux发行版中引入的GSSAPI补丁存在安全漏洞，该漏洞并不影响上游OpenSSH项目本身。当服务器在GSSAPI密钥交换过程中接收到攻击者发送的异常GSSAPI消息类型时，会触发错误处理流程。由于错误处理中调用了不会终止进程的sshpkt_disconnect()函数，导致程序继续执行但未正确初始化相关的连接变量（这些变量未被设置为NULL）。后续代码访问了这些未初始化的变量，读取随机内存内容，从而引发未定义行为（例如程序崩溃、信息泄露或远程代码执行）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35385" id="CVE-2026-35385" severity="Important" severity_desc="高风险" title="OpenSSH 10.3版本之前存在权限设置不当漏洞，当以root用户身份使用scp命令并启用-O选项（旧版scp协议）且未使用-p选项（保留文件模式）时，下载的文件可能会被错误地安装为setuid或setgid属性，这与部分用户的预期行为不符。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35386" id="CVE-2026-35386" severity="Low" severity_desc="低风险" title="OpenSSH 10.3版本之前存在命令执行漏洞，该漏洞源于在命令行中使用包含shell元字符的用户名时可能导致命令执行。攻击者需要在一个命令行中的用户名不可信的场景下，并配合ssh_config中非默认的%配置才能利用此漏洞。攻击者可借助特制的用户名在目标系统上执行任意命令，从而获取敏感信息或造成进一步危害。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35387" id="CVE-2026-35387" severity="Low" severity_desc="低风险" title="OpenSSH 10.3之前版本在处理PubkeyAcceptedAlgorithms或HostbasedAcceptedAlgorithms配置时存在安全限制绕过漏洞。当用户尝试通过列出特定ECDSA算法来限制允许的公钥算法时，OpenSSH会错误地将其解释为接受所有ECDSA算法，从而可能允许攻击者使用未预期的ECDSA算法进行身份验证，增加了未经授权访问系统的风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35388" id="CVE-2026-35388" severity="Low" severity_desc="低风险" title="OpenSSH在10.3版本之前的代理模式复用会话中，存在连接复用确认绕过漏洞，该漏洞源于在代理模式复用会话时，未进行连接复用确认，可能导致攻击者利用此漏洞绕过安全确认机制，造成低完整性影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35414" id="CVE-2026-35414" severity="Moderate" severity_desc="中风险" title="OpenSSH 10.3之前版本在处理authorized_keys文件中的principals选项时存在安全漏洞，该漏洞源于在特定场景下（如与使用逗号字符的证书颁发机构结合使用时），未能正确验证或解析主体列表，可能导致攻击者绕过预期的访问控制限制，从而获得未授权的系统访问权限。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="openssh" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-askpass" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-askpass-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-askpass-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-clients" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-clients-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-clients-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openssh-help" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-help-9.6p1-5.p07.04.se.01.ky11.noarch.rpm" version="9.6p1">
					<filename>openssh-help-9.6p1-5.p07.04.se.01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-keycat" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-keycat-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-keycat-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openssh-server" release="5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openssh-server-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm" version="9.6p1">
					<filename>openssh-server-9.6p1-5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="pam_ssh_agent_auth" release="4.5.p07.04.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pam_ssh_agent_auth-0.10.4-4.5.p07.04.se.01.ky11.x86_64.rpm" version="0.10.4">
					<filename>pam_ssh_agent_auth-0.10.4-4.5.p07.04.se.01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1034</id>
		<title>关于 ukui-control-center 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:53"/>
		<updated date="2026-05-06 10:57:55"/>
		<severity>Important</severity>
		<description>关于 ukui-control-center 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0405" id="KVE-2026-0405" severity="Important" severity_desc="高风险" title="ukui-control-center组件 D-Bus 服务setaptproxy 方法，由于未对输入进行任何过滤或转义，攻击者可以在代理字符串中注入任意 shell 命令。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0406" id="KVE-2026-0406" severity="Moderate" severity_desc="中风险" title="ukui-control-center组件存在授权缺失漏洞，攻击者通过 D-Bus 调用 setNtpSerAddress 方法，可修改 NTP 配置。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libukcc3" release="1.p52.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libukcc3-4.10.0.0-1.p52.01.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>libukcc3-4.10.0.0-1.p52.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libukcc-devel" release="1.p52.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libukcc-devel-4.10.0.0-1.p52.01.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>libukcc-devel-4.10.0.0-1.p52.01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-control-center" release="1.p52.01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-control-center-4.10.0.0-1.p52.01.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-control-center-4.10.0.0-1.p52.01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1036</id>
		<title>关于 ukui-settings-daemon 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-03 16:34:54"/>
		<updated date="2026-05-06 10:58:38"/>
		<severity>Important</severity>
		<description>关于 ukui-settings-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0306" id="KVE-2025-0306" severity="Important" severity_desc="高风险" title="ukui-settings-daemon组件writeGlobalConfig函数存在任意文件写入漏洞" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-display-switch" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-display-switch-4.10.0.0-1.p12.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>kylin-display-switch-4.10.0.0-1.p12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-settings-daemon" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-settings-daemon-4.10.0.0-1.p12.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-4.10.0.0-1.p12.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-settings-daemon-common" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-settings-daemon-common-4.10.0.0-1.p12.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-common-4.10.0.0-1.p12.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1044</id>
		<title>关于 luksmeta 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-05 12:50:11"/>
		<updated date="2026-05-11 17:02:39"/>
		<severity>Moderate</severity>
		<description>关于 luksmeta 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11568" id="CVE-2025-11568" severity="Moderate" severity_desc="中风险" title="luksmeta工具在处理LUKS1磁盘加密格式时存在数据损坏漏洞，该漏洞源于在元数据处理过程中未正确验证可用空间，导致攻击者可写入大量元数据覆盖用户数据，造成数据永久丢失。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="luksmeta" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/luksmeta-9-7.ky11.x86_64.rpm" version="9">
					<filename>luksmeta-9-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="luksmeta-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/luksmeta-devel-9-7.ky11.x86_64.rpm" version="9">
					<filename>luksmeta-devel-9-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="luksmeta-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/luksmeta-help-9-7.ky11.noarch.rpm" version="9">
					<filename>luksmeta-help-9-7.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1054</id>
		<title>关于 kylin-device-daemon 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-06 12:24:26"/>
		<updated date="2026-05-06 15:25:22"/>
		<severity>Important</severity>
		<description>关于 kylin-device-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2024-1102" id="KVE-2024-1102" severity="Important" severity_desc="高风险" title="银河麒麟操作系统设备管理组件存在挂载操作权限控制不当漏洞，该漏洞源于挂载操作的权限管控不够严格，低权限用户可执行高危挂载，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-device-daemon" release="1.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-device-daemon-3.24.0.0-1.p02.ky11.x86_64.rpm" version="3.24.0.0">
					<filename>kylin-device-daemon-3.24.0.0-1.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1055</id>
		<title>关于 libkysdk-base 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-06 12:24:27"/>
		<updated date="2026-05-06 15:25:06"/>
		<severity>Important</severity>
		<description>关于 libkysdk-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2024-0620" id="KVE-2024-0620" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在文件写入权限校验不充分漏洞，该漏洞源于执行文件写入操作前对调用者权限的验证不充分，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libkysdk-base" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-base-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-basecommon" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-basecommon-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-basecommon-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-base-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-base-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-conf2-tools" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-conf2-tools-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-tools-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-config" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-config-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-config-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-config-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-diagnostics" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-diagnostics-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-diagnostics-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-diagnostics-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-gsetting" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-gsetting-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-gsetting-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-gsetting-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-log" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-log-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-log-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-log-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-timer" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-timer-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-timer-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-timer-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-utils" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-utils-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-utils-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-utils-devel-2.5.1.0-1.p08.ky11.x86_64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-devel-2.5.1.0-1.p08.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1056</id>
		<title>关于 ukui-biometric-auth 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-06 12:24:29"/>
		<updated date="2026-05-06 14:43:56"/>
		<severity>Moderate</severity>
		<description>关于 ukui-biometric-auth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0402" id="KVE-2026-0402" severity="Moderate" severity_desc="中风险" title="ukui-biometric-auth组件D-Bus 方法缺少授权检查，导致接口能被未授权用户访问。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0404" id="KVE-2026-0404" severity="Low" severity_desc="低风险" title="银河麒麟系统中的 uniauth-backend D-Bus 服务以 root 权限运行，负责用户认证信息管理。由于 D-Bus 权限策略配置不当且服务端缺少授权检查，普通本地用户可在无认证情况下直接调用接口，篡改 /var/lib/lightdm/.cache/ukui-greeter.conf 里的 lastLoginUser 、SaveQuickLoginUser 字段。攻击者可写入任意字符串（如不存在用户名），导致登录界面异常，造成拒绝服务或干扰正常登录流程。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libpam-biometric" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpam-biometric-4.10.0.0-1.p05.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>libpam-biometric-4.10.0.0-1.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-biometric-auth" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-biometric-auth-4.10.0.0-1.p05.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-biometric-auth-4.10.0.0-1.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-polkit" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-polkit-4.10.0.0-1.p05.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-polkit-4.10.0.0-1.p05.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1060</id>
		<title>关于 kysec2-scene 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-08 10:18:39"/>
		<updated date="2026-05-08 10:41:04"/>
		<severity>Important</severity>
		<description>关于 kysec2-scene 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0214" id="KVE-2026-0214" severity="Important" severity_desc="高风险" title="银河麒麟操作系统安全场景管理组件存在文件读写权限校验不充分漏洞，该漏洞源于执行文件读写操作前对调用者权限的验证不充分，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0302" id="KVE-2026-0302" severity="Important" severity_desc="高风险" title="kysec2-scene 组件的 D-Bus 服务SavePolicy接口可被普通用户调用，实现任意文件读写并最终提权为 Root。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0303" id="KVE-2026-0303" severity="Important" severity_desc="高风险" title="kysec2-scene 组件的 D-Bus 服务SaveConvertPolicy接口可被普通用户调用，实现任意文件读写并最终提权为 Root。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0304" id="KVE-2026-0304" severity="Important" severity_desc="高风险" title="kysec2-scene 组件的 D-Bus 服务UpdateExectlStrategyState接口可被普通用户调用，实现任意文件读写并最终提权为 Root。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kysec2-scene" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kysec2-scene-1.0.1-24.ky11.x86_64.rpm" version="1.0.1">
					<filename>kysec2-scene-1.0.1-24.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kysec2-scene-devel" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kysec2-scene-devel-1.0.1-24.ky11.x86_64.rpm" version="1.0.1">
					<filename>kysec2-scene-devel-1.0.1-24.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kysec2-scene-example" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kysec2-scene-example-1.0.1-24.ky11.x86_64.rpm" version="1.0.1">
					<filename>kysec2-scene-example-1.0.1-24.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1167</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-10 21:23:23"/>
		<updated date="2026-05-10 21:23:23"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31668" id="CVE-2026-31668" severity="Important" severity_desc="高风险" title="Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel存在安全漏洞，该漏洞源于seg6 lwtunnel中dst_cache在输入和输出路径间共享，可能导致后执行路径盲目重用前一路径的缓存，绕过自身路由查找。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43284" id="CVE-2026-43284" severity="Important" severity_desc="高风险" title=" Linux 内核 xfrm-ESP 页面缓存写入漏洞。在 ESP（IPsec 封装安全载荷）输入路径中，esp_input() 函数在特定分支下绕过了 skb_cow_data() 调用，直接在经 splice 植入的页缓存 frag 上执行原地 AEAD 解密，从而导致页面缓存被修改。攻击者可控制写入位置及写入值（4字节），用于篡改 /usr/bin/su 的页缓存并植入恶意 ELF 代码，最终获得 root 权限。该漏洞需要 CAP_NET_ADMIN 权限（可通过创建用户命名空间获取）。
" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bpftool" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bpftool-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>bpftool-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-abi-stablelists-6.6.0-32.15.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-32.15.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-core" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-core-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-cross-headers" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel-matched" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-matched-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-doc-6.6.0-32.15.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-32.15.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-headers" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-headers-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-ipaclones-internal" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-ipaclones-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-extra" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-internal" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-selftests-internal" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-selftests-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs-devel" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="perf" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perf-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-perf" release="32.15.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-perf-6.6.0-32.15.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-32.15.v2505.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1173</id>
		<title>关于 erlang 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-12 12:50:07"/>
		<updated date="2026-05-19 09:27:02"/>
		<severity>Moderate</severity>
		<description>关于 erlang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48038" id="CVE-2025-48038" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击，或因资源泄漏暴露敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48039" id="CVE-2025-48039" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击，或因资源泄漏暴露敏感信息。
" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48040" id="CVE-2025-48040" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源消耗失控漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击或资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48041" id="CVE-2025-48041" severity="Important" severity_desc="高风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击或资源耗尽。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="erlang" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-asn1" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-asn1-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-asn1-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-common_test" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-common_test-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-common_test-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-compiler" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-compiler-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-compiler-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-crypto" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-crypto-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-crypto-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-debugger" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-debugger-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-debugger-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-dialyzer" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-dialyzer-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-dialyzer-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-diameter" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-diameter-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-diameter-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-edoc" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-edoc-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-edoc-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eldap" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eldap-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eldap-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_docgen" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_docgen-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_docgen-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erl_interface" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erl_interface-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erl_interface-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-erts" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-erts-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-erts-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-et" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-et-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-et-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-eunit" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-eunit-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-eunit-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-examples" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-examples-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-examples-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ftp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ftp-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ftp-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-inets" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-inets-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-inets-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-jinterface" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-jinterface-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-jinterface-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-kernel" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-kernel-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-kernel-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-megaco" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-megaco-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-megaco-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-mnesia" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-mnesia-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-mnesia-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-observer" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-observer-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-observer-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-odbc" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-odbc-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-odbc-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-os_mon" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-os_mon-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-os_mon-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-parsetools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-parsetools-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-parsetools-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-public_key" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-public_key-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-public_key-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-reltool" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-reltool-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-reltool-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-runtime_tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-runtime_tools-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-runtime_tools-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-sasl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-sasl-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-sasl-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-snmp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-snmp-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-snmp-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-src" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-src-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-src-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssh" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssh-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssh-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-ssl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-ssl-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-ssl-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-stdlib" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-stdlib-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-stdlib-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-syntax_tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-syntax_tools-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-syntax_tools-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tftp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tftp-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tftp-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-tools-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-tools-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-wx" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-wx-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-wx-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="erlang-xmerl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/erlang-xmerl-25.3.2.6-13.p01.ky11.x86_64.rpm" version="25.3.2.6">
					<filename>erlang-xmerl-25.3.2.6-13.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1179</id>
		<title>关于 kylin-wayland-compositor 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-12 12:50:11"/>
		<updated date="2026-05-19 11:40:59"/>
		<severity>Moderate</severity>
		<description>关于 kylin-wayland-compositor 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0426" id="KVE-2026-0426" severity="Moderate" severity_desc="中风险" title="kylin-wayland-compositor组件该组件在解码 BMP 和 ICO 图像格式时，存在整数溢出和越界读取漏洞，可能引发越界读取和拒绝服务" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0427" id="KVE-2026-0427" severity="Moderate" severity_desc="中风险" title="kylin-wayland-compositor组件该组件在解码 BMP 和 ICO 图像格式时，存在整数溢出漏洞，可能引发拒绝服务" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-wayland-compositor" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-wayland-compositor-1.3.1.0-1.p01.ky11.x86_64.rpm" version="1.3.1.0">
					<filename>kylin-wayland-compositor-1.3.1.0-1.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kylin-wayland-compositor-client" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-wayland-compositor-client-1.3.1.0-1.p01.ky11.x86_64.rpm" version="1.3.1.0">
					<filename>kylin-wayland-compositor-client-1.3.1.0-1.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1197</id>
		<title>关于 protobuf 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-12 12:50:20"/>
		<updated date="2026-05-18 17:54:23"/>
		<severity>Important</severity>
		<description>关于 protobuf 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4565" id="CVE-2025-4565" severity="Moderate" severity_desc="中风险" title="Protobuf Pure-Python 后端在解析包含任意数量递归组、递归消息或一系列SGROUP标签的不可信Protocol Buffers数据时，存在递归处理拒绝服务漏洞，该漏洞源于未对递归深度进行有效限制，导致超出Python递归限制。攻击者可通过发送特制的Protocol Buffers数据，触发RecursionError异常，导致应用程序崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="protobuf" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-25.1-12.p01.ky11.x86_64.rpm" version="25.1">
					<filename>protobuf-25.1-12.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-bom" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-bom-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-bom-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="protobuf-compiler" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-compiler-25.1-12.p01.ky11.x86_64.rpm" version="25.1">
					<filename>protobuf-compiler-25.1-12.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="protobuf-devel" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-devel-25.1-12.p01.ky11.x86_64.rpm" version="25.1">
					<filename>protobuf-devel-25.1-12.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-java" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-java-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-java-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-javadoc" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-javadoc-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-javadoc-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-javalite" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-javalite-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-javalite-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-java-util" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-java-util-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-java-util-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="protobuf-lite" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-lite-25.1-12.p01.ky11.x86_64.rpm" version="25.1">
					<filename>protobuf-lite-25.1-12.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="protobuf-lite-devel" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-lite-devel-25.1-12.p01.ky11.x86_64.rpm" version="25.1">
					<filename>protobuf-lite-devel-25.1-12.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-parent" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/protobuf-parent-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-parent-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-protobuf" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-protobuf-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>python3-protobuf-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1200</id>
		<title>关于 tar 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-12 12:50:23"/>
		<updated date="2026-05-18 17:52:36"/>
		<severity>Moderate</severity>
		<description>关于 tar 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-45582" id="CVE-2025-45582" severity="Moderate" severity_desc="中风险" title="GNU Tar组件存在目录遍历漏洞，该漏洞源于在解压TAR存档时未正确校验路径逻辑，允许攻击者通过分两步解压包含符号链接和关键文件的特制存档，绕过原有的'成员名称包含..'保护机制，导致关键文件被覆盖。攻击者可利用该漏洞覆盖系统配置文件，可能引发权限提升或敏感数据篡改。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="tar" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/tar-1.35-3.ky11.x86_64.rpm" version="1.35">
					<filename>tar-1.35-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="tar-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/tar-help-1.35-3.ky11.noarch.rpm" version="1.35">
					<filename>tar-help-1.35-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1207</id>
		<title>关于 alsa-lib 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:07"/>
		<updated date="2026-05-25 18:16:28"/>
		<severity>Moderate</severity>
		<description>关于 alsa-lib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25068" id="CVE-2026-25068" severity="Moderate" severity_desc="中风险" title="alsa-lib 1.2.2 版本至 1.2.15.2 版本（不含提交 5f7fe33）中的拓扑混音器控制解码器存在堆缓冲区溢出漏洞。tplg_decode_control_mixer1() 函数从不受信任的 .tplg 数据中读取 num_channels 字段，并将其作为循环边界使用，而未验证其是否超出固定大小的通道数组（SND_TPLG_MAX_CHAN）。攻击者可构造一个具有过大 num_channels 值的拓扑文件，导致越界堆写入，从而引发程序崩溃（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="alsa-lib" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/alsa-lib-1.2.10-4.ky11.x86_64.rpm" version="1.2.10">
					<filename>alsa-lib-1.2.10-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="alsa-lib-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/alsa-lib-devel-1.2.10-4.ky11.x86_64.rpm" version="1.2.10">
					<filename>alsa-lib-devel-1.2.10-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="alsa-topology" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/alsa-topology-1.2.10-4.ky11.noarch.rpm" version="1.2.10">
					<filename>alsa-topology-1.2.10-4.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="alsa-ucm" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/alsa-ucm-1.2.10-4.ky11.noarch.rpm" version="1.2.10">
					<filename>alsa-ucm-1.2.10-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1213</id>
		<title>关于 avahi 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:13"/>
		<updated date="2026-05-25 18:17:52"/>
		<severity>Moderate</severity>
		<description>关于 avahi 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68276" id="CVE-2025-68276" severity="Moderate" severity_desc="中风险" title="Avahi存在安全漏洞，该漏洞源于未授权本地用户可通过D-Bus创建记录浏览器，可能导致avahi-daemon崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68468" id="CVE-2025-68468" severity="Moderate" severity_desc="中风险" title="Avahi存在安全漏洞，该漏洞源于发送包含指向短TTL资源记录的CNAME资源记录的未经请求公告，可能导致avahi-daemon崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68471" id="CVE-2025-68471" severity="Moderate" severity_desc="中风险" title="Avahi组件存在拒绝服务漏洞，该漏洞源于在处理间隔2秒发送的两条包含CNAME资源记录的主动公告时未正确校验，导致avahi-daemon服务崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24401" id="CVE-2026-24401" severity="Moderate" severity_desc="中风险" title="Avahi的avahi-daemon组件中的lookup_handle_cname函数存在递归CNAME记录处理不当漏洞，该漏洞源于在处理未请求的mDNS响应时，未能有效检测和阻止包含自引用递归CNAME记录（如别名和规范名称指向相同域名“h.local”）的数据包，导致函数发生无界递归调用，最终引发栈耗尽和进程崩溃。攻击者可通过发送特制的mDNS响应数据包，在设置了AVAHI_LOOKUP_USE_MULTICAST标志的记录浏览器（包括nss-mdns使用的解析器创建的记录浏览器）上触发此漏洞，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="avahi" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-autoipd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-autoipd-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-autoipd-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-compat-howl" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-compat-howl-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-compat-howl-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-compat-howl-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-compat-howl-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-compat-howl-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-compat-libdns_sd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-compat-libdns_sd-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-compat-libdns_sd-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-compat-libdns_sd-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-compat-libdns_sd-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-compat-libdns_sd-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-dnsconfd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-dnsconfd-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-dnsconfd-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-glib" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-glib-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-glib-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-glib-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-glib-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-glib-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-gobject" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-gobject-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-gobject-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-gobject-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-gobject-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-gobject-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="avahi-help" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-help-0.8-28.ky11.noarch.rpm" version="0.8">
					<filename>avahi-help-0.8-28.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-libs" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-libs-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-libs-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-tools" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-tools-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-tools-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-ui" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-ui-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-ui-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-ui-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-ui-devel-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-ui-devel-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-ui-gtk3" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-ui-gtk3-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-ui-gtk3-0.8-28.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="avahi-ui-tools" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/avahi-ui-tools-0.8-28.ky11.x86_64.rpm" version="0.8">
					<filename>avahi-ui-tools-0.8-28.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1215</id>
		<title>关于 brotli 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:15"/>
		<updated date="2026-05-25 18:18:47"/>
		<severity>Important</severity>
		<description>关于 brotli 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-6176" id="CVE-2025-6176" severity="Important" severity_desc="高风险" title="Scrapy 2.13.2及之前版本存在资源管理错误漏洞，该漏洞源于brotli解压实现存在缺陷，可能导致拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="brotli" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/brotli-1.1.0-2.ky11.x86_64.rpm" version="1.1.0">
					<filename>brotli-1.1.0-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="brotli-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/brotli-devel-1.1.0-2.ky11.x86_64.rpm" version="1.1.0">
					<filename>brotli-devel-1.1.0-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="brotli-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/brotli-help-1.1.0-2.ky11.noarch.rpm" version="1.1.0">
					<filename>brotli-help-1.1.0-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-brotli" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-brotli-1.1.0-2.ky11.x86_64.rpm" version="1.1.0">
					<filename>python3-brotli-1.1.0-2.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1217</id>
		<title>关于 compat-openssl11 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:16"/>
		<updated date="2026-05-25 18:19:10"/>
		<severity>Important</severity>
		<description>关于 compat-openssl11 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-13176" id="CVE-2024-13176" severity="Moderate" severity_desc="中风险" title="OpenSSL组件在ECDSA签名计算过程中存在定时侧信道漏洞，该漏洞源于当ECDSA签名中nonce值的最高位为零时，会泄露约300纳秒的定时信号。攻击者可利用此时间差信息恢复私钥，但需要具备本地访问权限或极低延迟的高速网络连接才能测量到这一微弱的时间差异。该漏洞主要影响NIST P-521椭圆曲线，FIPS模块版本3.4、3.3、3.2、3.1和3.0均受此问题影响，整体安全风险被评估为低危。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68160" id="CVE-2025-68160" severity="Moderate" severity_desc="中风险" title="OpenSSL的BIO_f_linebuffer行缓冲过滤器在处理包含大量无换行符数据且后续BIO执行短写入操作的BIO链时，存在堆越界写入漏洞。该漏洞源于对缓冲区边界校验不足，可能导致内存损坏，进而引发应用程序崩溃，造成拒绝服务。在OpenSSL命令行应用中，此过滤器通常仅在VMS系统上推送到stdout/stderr；第三方应用若显式使用此过滤器且攻击者可控制写入大量无换行符数据，则可能受影响，但实际攻击场景难以被攻击者控制，故评估为低严重性。OpenSSL 3.6、3.5、3.4、3.3、3.0、1.1.1和1.0.2版本受影响，FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69418" id="CVE-2025-69418" severity="Moderate" severity_desc="中风险" title="OpenSSL的硬件加速代码路径中的低级别OCB API（CRYPTO_ocb128_encrypt()和CRYPTO_ocb128_decrypt()函数）存在逻辑缺陷，该漏洞源于在处理长度非16字节倍数的输入时，函数在处理完完整的16字节块后未能正确更新输入/输出指针，导致后续的尾部处理代码重复处理缓冲区开头的数据，而实际尾部字节（1-15字节）未被加密和认证。这可能导致加密时消息尾部字节以明文形式泄露，且这些字节不受认证标签保护，攻击者能够读取或篡改这些字节而不被检测到。使用高级EVP接口或TLS的应用不受影响，仅直接影响调用低级别OCB函数的应用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69419" id="CVE-2025-69419" severity="Important" severity_desc="高风险" title="OpenSSL组件中的PKCS12_get_friendlyname()函数在处理恶意构造的PKCS#12文件时存在安全漏洞，该漏洞源于OPENSSL_uni2utf8()函数在将BMPString（UTF-16BE）转换为UTF-8的过程中，在第二遍转换时错误地将剩余源字节数作为目标缓冲区容量传递给UTF8_putc()函数。当遇到高于U+07FF的BMP码点时，UTF-8需要三个字节编码，但传递的容量可能仅为两个字节，导致UTF8_putc()返回-1，并被错误地加到输出长度中，使得长度变为负数，随后在负偏移处写入结尾NUL字节，造成堆外写入。攻击者可通过提供恶意PKCS#12文件触发此漏洞，可能导致内存损坏和拒绝服务（Denial of Service）。值得注意的是，FIPS模块不受此漏洞影响，而OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本均受影响，1.0.2版本则不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69420" id="CVE-2025-69420" severity="Important" severity_desc="高风险" title="OpenSSL的ossl_ess_get_signing_cert()和ossl_ess_get_signing_cert_v2()函数在验证时间戳响应（TimeStamp Response）时存在类型混淆漏洞，该漏洞源于在处理签名证书属性值时未对其ASN1_TYPE类型进行正确校验，导致直接以错误的类型访问ASN1_TYPE联合体成员。攻击者可以通过向调用TS_RESP_verify_response()函数的应用程序提供恶意构造的时间戳响应响应，触发无效或空指针解引用，从而导致应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69421" id="CVE-2025-69421" severity="Important" severity_desc="高风险" title="OpenSSL的PKCS12_item_decrypt_d2i_ex()函数在处理恶意构造的PKCS#12文件时存在空指针解引用漏洞。该漏洞源于该函数在被PKCS12_unpack_p7encdata()调用时，未对传入的oct参数进行空值校验便直接进行解引用操作。攻击者可以通过向应用程序提供特制的畸形PKCS#12文件，诱导程序触发崩溃，从而导致拒绝服务（DoS）。该漏洞仅限于可用性影响，无法用于获取权限或泄露敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9230" id="CVE-2025-9230" severity="Important" severity_desc="高风险" title="OpenSSL 存在一个与 CMS消息中基于密码的加密功能相关的内存安全漏洞，该漏洞可能导致越界读取和越界写入操作，从而引发拒绝服务" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22795" id="CVE-2026-22795" severity="Moderate" severity_desc="中风险" title="OpenSSL组件在处理畸形的PKCS#12文件时存在安全漏洞，该漏洞源于PKCS#12解析代码中存在类型混淆问题，在未验证类型的情况下访问了ASN1_TYPE联合体成员，导致无效指针读取。攻击者可构造恶意的PKCS#12文件，诱使应用程序处理该文件从而触发空指针或无效指针解引用，造成内存读取异常，最终导致应用程序崩溃，引发拒绝服务攻击。由于该漏洞需要用户或应用程序主动处理恶意文件，且PKCS#12文件通常用于存储受信任的私钥，因此实际利用难度较高。漏洞影响OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本，而OpenSSL 1.0.2及FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22796" id="CVE-2026-22796" severity="Moderate" severity_desc="中风险" title="OpenSSL的PKCS#7签名验证功能存在类型混淆漏洞，该漏洞源于`PKCS7_digest_from_attributes()`函数在处理签名的PKCS#7数据时，未验证ASN1_TYPE联合体成员的类型便直接访问，当处理畸形的PKCS#7数据时，可能导致解引用无效或空指针，从而引发应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28387" id="CVE-2026-28387" severity="Low" severity_desc="低风险" title="OpenSSL客户端在处理DANE TLSA记录时存在释放后重用/双重释放漏洞，该漏洞源于对特定配置的TLSA记录（同时包含PKIX-TA(0)/PKIX-EE(1)和DANE-TA(2)证书用途）未正确管理内存。可能导致数据损坏、应用程序崩溃或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28388" id="CVE-2026-28388" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理包含Delta CRL Indicator扩展的增量CRL时，若缺少必需的CRL Number扩展，可能发生空指针解引用。该漏洞源于在X.509证书验证过程中启用CRL和增量CRL处理时，未检查CRL Number扩展是否为空便直接对其进行解引用。当应用程序处理恶意构造的增量CRL文件时，可触发空指针解引用，导致应用程序崩溃，从而引发拒绝服务攻击。攻击者需使能X509_V_FLAG_USE_DELTAS标志、目标证书含freshestCRL扩展或基础CRL设置EXFLAG_FRESHEST标志，并向应用提供畸形CRL才能成功利用此漏洞。该漏洞仅限于造成拒绝服务，无法升级为代码执行或内存泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28389" id="CVE-2026-28389" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理构造的CMS EnvelopedData消息时存在空指针解引用漏洞，该漏洞源于在使用KeyAgreeRecipientInfo处理过程中未检查可选参数字段是否存在即直接访问，导致当字段缺失时发生空指针解引用。攻击者可通过向调用CMS_decrypt()函数的应用程序（如S/MIME处理或基于CMS的协议）提供恶意构造的CMS数据，在认证或加密操作之前触发应用程序崩溃，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28390" id="CVE-2026-28390" severity="Important" severity_desc="高风险" title="OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。
OpenSSL存在安全漏洞，该漏洞源于处理特制的使用KeyTransportRecipientInfo的CMS EnvelopedData消息时可能导致空指针取消引用，可能导致应用程序崩溃和拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="compat-openssl11-devel" release="13.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/compat-openssl11-devel-1.1.1m-13.p03.ky11.x86_64.rpm" version="1.1.1m">
					<filename>compat-openssl11-devel-1.1.1m-13.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="compat-openssl11-libs" release="13.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/compat-openssl11-libs-1.1.1m-13.p03.ky11.x86_64.rpm" version="1.1.1m">
					<filename>compat-openssl11-libs-1.1.1m-13.p03.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1219</id>
		<title>关于 cpp-httplib 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:17"/>
		<updated date="2026-05-25 18:19:23"/>
		<severity>Important</severity>
		<description>关于 cpp-httplib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28434" id="CVE-2026-28434" severity="Moderate" severity_desc="中风险" title="cpp-httplib 是一个基于C++11的跨平台HTTP/HTTPS单文件头库。在0.35.0版本之前，当请求处理函数抛出C++异常且应用程序未通过set_exception_handler()注册自定义异常处理器时，库会捕获该异常并将异常消息直接写入名为EXCEPTION_WHAT的HTTP响应头中。此行为默认开启，无需特殊配置即可触发，也无需身份验证。攻击者可借此获取服务器内部异常信息，造成敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28435" id="CVE-2026-28435" severity="Important" severity_desc="高风险" title="cpp-httplib库的`HandlerWithContentReader`（流式ContentReader）功能在处理使用`Content-Encoding: gzip`（或其他受支持编码）的请求时，存在请求载荷限制绕过漏洞，该漏洞源于库未对解压缩后的请求体强制执行`Server::set_payload_max_length()`函数设置的最大载荷长度限制。攻击者可利用此漏洞通过发送一个较小的压缩载荷，使其在解压后超出配置的限制并被应用程序处理，从而绕过载荷大小限制，可能导致服务端资源（CPU/内存）耗尽，引发拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="cpp-httplib" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cpp-httplib-0.22.0-2.p01.ky11.x86_64.rpm" version="0.22.0">
					<filename>cpp-httplib-0.22.0-2.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="cpp-httplib-devel" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cpp-httplib-devel-0.22.0-2.p01.ky11.x86_64.rpm" version="0.22.0">
					<filename>cpp-httplib-devel-0.22.0-2.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1220</id>
		<title>关于 cups 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:17"/>
		<updated date="2026-05-25 18:19:36"/>
		<severity>Moderate</severity>
		<description>关于 cups 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27447" id="CVE-2026-27447" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在安全漏洞，该漏洞源于授权检查时用户名比较不区分大小写，可能导致授权绕过。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34978" id="CVE-2026-34978" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS 2.4.16 及之前版本的 RSS 通知模块存在路径遍历漏洞，该漏洞源于在处理 notify-recipient-uri 参数时未正确限制路径跳转（如允许使用..），使得远程 IPP 客户端能够将 RSS XML 数据写入 CacheDir/rss 目录之外的任意 lp 用户可写位置。由于 CacheDir 默认具有组写权限，以 lp 用户运行的通知进程可以通过临时文件加重命名的方式替换 root 管理的状态文件。攻击者可通过构造恶意 URI 覆盖关键缓存文件，导致 cupsd 重启后无法解析作业缓存，造成已排队作业丢失，引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34979" id="CVE-2026-34979" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在安全漏洞，该漏洞源于CUPS调度程序在从作业属性构建过滤器选项字符串时存在基于堆的缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34980" id="CVE-2026-34980" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS的cupsd模块在共享目标队列配置下存在打印作业认证绕过漏洞，该漏洞源于未验证客户端身份。攻击者可向共享PostScript队列发送未认证的Print-Job请求，服务器接受包含换行符的页面边框值，并在解析过程中将恶意构造的第二行PPD文本误认为受信任的调度器控制记录。后续原始打印作业可导致服务器以lp权限执行攻击者指定的现有二进制文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39314" id="CVE-2026-39314" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS的cups/ppd-cache.c文件中的_ppdCreateFromIPP()函数存在整数下溢漏洞，该漏洞源于对job-password-supported IPP属性值的边界检查不完整，仅限制了上限而未对负值进行校验。当本地低权限用户提供负值的job-password-supported属性时，该负值通过验证后被转换为size_t类型（导致数值回绕至约2^64），并作为memset()函数的长度参数作用于33字节的栈缓冲区，从而导致cupsd根进程立即发生SIGSEGV崩溃。结合systemd的Restart=on-failure配置，攻击者可重复触发崩溃以实现持续的拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39316" id="CVE-2026-39316" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在资源管理错误漏洞，该漏洞源于自动删除临时打印机时存在释放后重用问题，可能导致拒绝服务或代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41079" id="CVE-2026-41079" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.17之前版本存在缓冲区错误漏洞，该漏洞源于网络邻近攻击者可发送特制SNMP响应导致栈缓冲区越界读取，泄露的内存被转换为UTF-8并存储为打印机供应描述字符串，随后可通过IPP Get-Printer-Attributes响应和CUPS Web界面被认证用户查看。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="cups" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-client" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-client-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-client-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-devel" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-devel-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-devel-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="cups-filesystem" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-filesystem-2.4.7-6.se.02.p03.ky11.noarch.rpm" version="2.4.7">
					<filename>cups-filesystem-2.4.7-6.se.02.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="cups-help" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-help-2.4.7-6.se.02.p03.ky11.noarch.rpm" version="2.4.7">
					<filename>cups-help-2.4.7-6.se.02.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-ipptool" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-ipptool-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-ipptool-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-libs" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-libs-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-libs-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-lpd" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-lpd-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-lpd-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="cups-printerapp" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cups-printerapp-2.4.7-6.se.02.p03.ky11.x86_64.rpm" version="2.4.7">
					<filename>cups-printerapp-2.4.7-6.se.02.p03.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1221</id>
		<title>关于 dav1d 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:18"/>
		<updated date="2026-05-25 18:19:49"/>
		<severity>Moderate</severity>
		<description>关于 dav1d 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-1580" id="CVE-2024-1580" severity="Moderate" severity_desc="中风险" title="dav1d AV1解码器在解码大尺寸视频帧时存在整数溢出漏洞，该漏洞源于对视频帧尺寸的整数运算未进行正确校验，导致在处理特定构造的视频数据时可能发生内存损坏。攻击者可通过诱使用户解码恶意视频文件触发该漏洞，可能导致信息泄露或系统崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="dav1d" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/dav1d-0.5.2-4.ky11.x86_64.rpm" version="0.5.2">
					<filename>dav1d-0.5.2-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libdav1d" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libdav1d-0.5.2-4.ky11.x86_64.rpm" version="0.5.2">
					<filename>libdav1d-0.5.2-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libdav1d-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libdav1d-devel-0.5.2-4.ky11.x86_64.rpm" version="0.5.2">
					<filename>libdav1d-devel-0.5.2-4.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1222</id>
		<title>关于 editorconfig 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:19"/>
		<updated date="2026-05-25 18:20:03"/>
		<severity>Important</severity>
		<description>关于 editorconfig 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40489" id="CVE-2026-40489" severity="Important" severity_desc="高风险" title="editorconfig-core-c 的 ec_glob() 函数存在栈缓冲区溢出漏洞，该漏洞源于对 CVE-2023-0341 的修复不完整，仅保护了 pcre_str 缓冲区，而未对相邻的 l_pattern[8194] 栈缓冲区进行同等保护。攻击者可通过提供特制的目录结构和 .editorconfig 文件，利用该漏洞导致任何使用 libeditorconfig 的应用程序崩溃，在 Ubuntu 24.04 上，FORTIFY_SOURCE 会将溢出转换为 SIGABRT（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="editorconfig" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/editorconfig-0.12.6-3.ky11.x86_64.rpm" version="0.12.6">
					<filename>editorconfig-0.12.6-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="editorconfig-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/editorconfig-devel-0.12.6-3.ky11.x86_64.rpm" version="0.12.6">
					<filename>editorconfig-devel-0.12.6-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="editorconfig-libs" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/editorconfig-libs-0.12.6-3.ky11.x86_64.rpm" version="0.12.6">
					<filename>editorconfig-libs-0.12.6-3.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1235</id>
		<title>关于 expat 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:32"/>
		<updated date="2026-05-25 18:22:41"/>
		<severity>Low</severity>
		<description>关于 expat 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32776" id="CVE-2026-32776" severity="Moderate" severity_desc="中风险" title="libexpat的XML解析器在处理空外部参数实体内容时存在空指针解引用漏洞，该漏洞源于对空外部参数实体内容的处理逻辑存在缺陷，未正确校验指针有效性。可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32777" id="CVE-2026-32777" severity="Moderate" severity_desc="中风险" title="libexpat库在解析DTD内容时存在无限循环漏洞，攻击者可构造恶意的DTD内容触发该漏洞，导致程序陷入无限循环，从而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32778" id="CVE-2026-32778" severity="Low" severity_desc="低风险" title="libexpat的setContext函数在先前内存不足（out-of-memory）条件后的重试过程中存在空指针解引用漏洞，该漏洞源于在内存分配失败后未正确检查指针有效性，可能导致程序崩溃，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41080" id="CVE-2026-41080" severity="Low" severity_desc="低风险" title="libexpat的XML解析器存在熵不足漏洞，该漏洞源于libexpat 2.7.6之前版本在生成哈希值时使用了不足的随机熵，导致攻击者可通过特制的XML文档触发哈希冲突攻击，进而造成服务端拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="expat" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/expat-2.5.0-18.ky11.x86_64.rpm" version="2.5.0">
					<filename>expat-2.5.0-18.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="expat-devel" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/expat-devel-2.5.0-18.ky11.x86_64.rpm" version="2.5.0">
					<filename>expat-devel-2.5.0-18.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="expat-help" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/expat-help-2.5.0-18.ky11.noarch.rpm" version="2.5.0">
					<filename>expat-help-2.5.0-18.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1236</id>
		<title>关于 firewalld 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:33"/>
		<updated date="2026-05-25 18:22:58"/>
		<severity>Moderate</severity>
		<description>关于 firewalld 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4948" id="CVE-2026-4948" severity="Moderate" severity_desc="中风险" title="firewalld的D-Bus运行时设置器setZoneSettings2和setPolicySettings存在授权不当漏洞，该漏洞源于对本地非特权用户的权限校验不充分，导致用户无需正确认证即可修改运行时防火墙状态，进而可能造成网络安全配置被未授权更改。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="firewall-config" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/firewall-config-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewall-config-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/firewalld-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-doc" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/firewalld-doc-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-doc-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-filesystem" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/firewalld-filesystem-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-filesystem-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-test" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/firewalld-test-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-test-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-firewall" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-firewall-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>python3-firewall-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1240</id>
		<title>关于 giflib 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:37"/>
		<updated date="2026-05-25 17:55:08"/>
		<severity>Moderate</severity>
		<description>关于 giflib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23868" id="CVE-2026-23868" severity="Moderate" severity_desc="中风险" title="Giflib库中的GifMakeSavedImage函数由于浅拷贝和错误处理不当，导致存在双重释放漏洞。攻击者在特定条件下可能触发该漏洞，造成内存损坏，进而引发应用程序崩溃或潜在的任意代码执行风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="giflib" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/giflib-5.2.2-3.p01.ky11.x86_64.rpm" version="5.2.2">
					<filename>giflib-5.2.2-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="giflib-devel" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/giflib-devel-5.2.2-3.p01.ky11.x86_64.rpm" version="5.2.2">
					<filename>giflib-devel-5.2.2-3.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="giflib-help" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/giflib-help-5.2.2-3.p01.ky11.noarch.rpm" version="5.2.2">
					<filename>giflib-help-5.2.2-3.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="giflib-utils" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/giflib-utils-5.2.2-3.p01.ky11.x86_64.rpm" version="5.2.2">
					<filename>giflib-utils-5.2.2-3.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1249</id>
		<title>关于 golang 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:49"/>
		<updated date="2026-05-25 18:29:04"/>
		<severity>Important</severity>
		<description>关于 golang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27140" id="CVE-2026-27140" severity="Important" severity_desc="高风险" title="Golang 在处理包含 'cgo' 的 SWIG 文件时存在安全漏洞，该漏洞源于构建过程中未能正确校验文件名及载荷内容，导致攻击者可通过构造恶意的 SWIG 文件实现代码走私，并在编译阶段执行任意代码。此问题根本原因为信任层被绕过，使得不受信的代码得以在构建时被执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27143" id="CVE-2026-27143" severity="Important" severity_desc="高风险" title="Golang编译器在处理循环中的归纳变量算术运算时存在检查缺失漏洞，该漏洞源于未正确校验变量是否发生溢出或下溢。编译器允许可能产生无效索引的代码通过检查，导致运行时发生内存越界访问。可能导致内存破坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27144" id="CVE-2026-27144" severity="Important" severity_desc="高风险" title="Google Go存在安全漏洞，该漏洞源于无操作接口转换阻止编译器正确确定非重叠移动，可能导致运行时内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32288" id="CVE-2026-32288" severity="Moderate" severity_desc="中风险" title="Go语言标准库中的tar.Reader模块存在拒绝服务漏洞，该漏洞源于处理包含大量&quot;旧GNU稀疏映射&quot;格式稀疏区域的恶意归档文件时，未限制内存分配量。可能导致程序分配超出预期的内存量，造成内存耗尽或拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="golang" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-1.21.4-45.p01.ky11.x86_64.rpm" version="1.21.4">
					<filename>golang-1.21.4-45.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="golang-devel" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-devel-1.21.4-45.p01.ky11.x86_64.rpm" version="1.21.4">
					<filename>golang-devel-1.21.4-45.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="golang-help" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/golang-help-1.21.4-45.p01.ky11.noarch.rpm" version="1.21.4">
					<filename>golang-help-1.21.4-45.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1250</id>
		<title>关于 grub2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:50"/>
		<updated date="2026-05-25 18:29:16"/>
		<severity>Moderate</severity>
		<description>关于 grub2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61661" id="CVE-2025-61661" severity="Moderate" severity_desc="中风险" title="GRUB（Grand Unified Bootloader）组件在处理USB设备信息时存在缓冲区错误漏洞，该漏洞源于引导加载程序在读取USB设备信息时未正确处理字符串转换，导致长度值不一致。本地攻击者可在引导序列期间连接特制的USB设备以触发此问题，成功利用可能导致GRUB崩溃，进而引发拒绝服务。虽然也可能造成数据损坏，但鉴于利用的复杂性，影响范围有限。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="1" name="grub2-common" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-common-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-common-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-aa64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-aa64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-aa64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-aa64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-aa64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-aa64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-loongarch64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-loongarch64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-loongarch64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-loongarch64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-efi-x64" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-x64-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-efi-x64-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-efi-x64-cdboot" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-x64-cdboot-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-efi-x64-cdboot-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-x64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-x64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-x64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-x64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-efi-x64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-x64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-help" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-help-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-help-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-pc" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-pc-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-pc-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-pc-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-pc-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-pc-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-tools" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-tools-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-tools-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-tools-efi" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-tools-efi-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-tools-efi-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-tools-extra" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-tools-extra-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-tools-extra-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="grub2-tools-minimal" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/grub2-tools-minimal-2.12-41.p03.se.02.ky11.x86_64.rpm" version="2.12">
					<filename>grub2-tools-minimal-2.12-41.p03.se.02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1251</id>
		<title>关于 gstreamer1-plugins-base 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:51"/>
		<updated date="2026-06-01 16:25:47"/>
		<severity>Important</severity>
		<description>关于 gstreamer1-plugins-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2921" id="CVE-2026-2921" severity="Important" severity_desc="高风险" title="GStreamer多媒体框架在处理AVI文件中的RIFF调色板数据时存在整数溢出漏洞，该漏洞源于程序在处理用户提供的调色板数据时未进行充分的边界校验。攻击者可构造恶意的AVI文件，诱使用户或应用程序使用受影响的GStreamer库进行解析，从而触发整数溢出并最终实现在当前进程上下文中执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-base" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-base-1.22.5-4.ky11.x86_64.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-1.22.5-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-base-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-base-devel-1.22.5-4.ky11.x86_64.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-devel-1.22.5-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gstreamer1-plugins-base-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-base-help-1.22.5-4.ky11.noarch.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-help-1.22.5-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1252</id>
		<title>关于 gstreamer1-plugins-good 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:51"/>
		<updated date="2026-05-25 18:29:29"/>
		<severity>Moderate</severity>
		<description>关于 gstreamer1-plugins-good 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1940" id="CVE-2026-1940" severity="Moderate" severity_desc="中风险" title="GStreamer的WAV解析模块中的gst_wavparse_adtl_chunk()函数存在越界读取漏洞，该漏洞源于对CVE-2024-47778的修复不完整。补丁添加了lsize + 8 &gt; size的大小验证检查，但未考虑实际偏移计算中使用的GST_ROUND_UP_2(lsize)宏。当lsize为奇数时，解析器前进的字节数超过已验证的范围，导致越界读取。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-good" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-good-1.20.3-8.ky11.x86_64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-1.20.3-8.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-good-extras" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-good-extras-1.20.3-8.ky11.x86_64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-extras-1.20.3-8.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-good-gtk" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-good-gtk-1.20.3-8.ky11.x86_64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-gtk-1.20.3-8.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gstreamer1-plugins-good-qt" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gstreamer1-plugins-good-qt-1.20.3-8.ky11.x86_64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-qt-1.20.3-8.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1258</id>
		<title>关于 ImageMagick 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:56"/>
		<updated date="2026-05-25 18:31:12"/>
		<severity>Moderate</severity>
		<description>关于 ImageMagick 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42050" id="CVE-2026-42050" severity="Moderate" severity_desc="中风险" title="ImageMagick组件中的XTileImage函数存在栈缓冲区溢出漏洞，该漏洞源于在处理图像数据时未能正确验证输入长度，导致攻击者可以通过构造恶意的图像文件触发栈溢出，可能造成任意代码执行或程序崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="ImageMagick" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-7.1.2.21-1.ky11.x86_64.rpm" version="7.1.2.21">
					<filename>ImageMagick-7.1.2.21-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="ImageMagick-c++" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-c++-7.1.2.21-1.ky11.x86_64.rpm" version="7.1.2.21">
					<filename>ImageMagick-c++-7.1.2.21-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="ImageMagick-c++-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-c++-devel-7.1.2.21-1.ky11.x86_64.rpm" version="7.1.2.21">
					<filename>ImageMagick-c++-devel-7.1.2.21-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="ImageMagick-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-devel-7.1.2.21-1.ky11.x86_64.rpm" version="7.1.2.21">
					<filename>ImageMagick-devel-7.1.2.21-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="ImageMagick-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-help-7.1.2.21-1.ky11.noarch.rpm" version="7.1.2.21">
					<filename>ImageMagick-help-7.1.2.21-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="ImageMagick-perl" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ImageMagick-perl-7.1.2.21-1.ky11.x86_64.rpm" version="7.1.2.21">
					<filename>ImageMagick-perl-7.1.2.21-1.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1260</id>
		<title>关于 jq 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:50:58"/>
		<updated date="2026-05-25 18:31:43"/>
		<severity>Important</severity>
		<description>关于 jq 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39979" id="CVE-2026-39979" severity="Moderate" severity_desc="中风险" title="jq 是一个命令行 JSON 处理器。在 2f09060afab23fe9390cce7cb860b10416e1bf5f 版本之前的提交中，libjq 库中的 jv_parse_sized() API 接受一个带有显式长度参数的计数缓冲区，但在其错误处理路径中使用 jv_string_fmt() 格式化输入缓冲区时采用 %s 方式，错误构建逻辑会在缓冲区末尾之后执行越界读取，可能导致内存信息泄露或进程终止。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="jq" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jq-1.8.0-3.ky11.x86_64.rpm" version="1.8.0">
					<filename>jq-1.8.0-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="jq-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jq-devel-1.8.0-3.ky11.x86_64.rpm" version="1.8.0">
					<filename>jq-devel-1.8.0-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jq-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jq-help-1.8.0-3.ky11.noarch.rpm" version="1.8.0">
					<filename>jq-help-1.8.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1278</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:11"/>
		<updated date="2026-05-20 12:48:34"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43500" id="CVE-2026-43500" severity="Important" severity_desc="高风险" title="RxRPC 页面缓存写入漏洞：在 RxRPC 协议的 RXKAD 安全类验证路径中，rxkad_verify_packet_1() 函数对 splice 植入的页面缓存 frag 执行原地 pcbc(fcrypt) 解密，导致 8 字节的页面缓存写入。攻击者通过暴力搜索 fcrypt 密钥，控制写入内容，篡改 /etc/passwd 的 root 条目，绕过 PAM 认证获得 root 权限。此漏洞无需创建用户命名空间即可触发。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46300" id="CVE-2026-46300" severity="Important" severity_desc="高风险" title="Fragnesia 是一个 Linux 内核本地权限提升漏洞。该漏洞源于内核在合并 socket 缓冲区时未能正确传播共享分片标记，导致攻击者可将只读文件的页缓存误当作 ESP 密文进行解密。攻击者首先创建用户与网络命名空间，在隔离环境中获取 CAP_NET_ADMIN 权限，然后通过 NETLINK_XFRM 接口安装精心构造的 ESP 安全关联，反复触发对缓存文件页面的受控单字节写入。最终在目标文件头部注入提权代码，从而获得 root 权限。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46333" id="CVE-2026-46333" severity="Important" severity_desc="高风险" title="该漏洞源于Linux内核ptrace访问控制逻辑中的__ptrace_may_access()函数缺陷。这套机制本应限制进程间的相互检视与交互，但内核&quot;dumpability&quot;检查存在的逻辑缺陷会引发危险的竞态条件。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bpftool" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bpftool-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>bpftool-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-abi-stablelists-6.6.0-32.17.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-32.17.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-core" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-core-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-cross-headers" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel-matched" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-matched-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-doc-6.6.0-32.17.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-32.17.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-headers" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-headers-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-ipaclones-internal" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-ipaclones-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-extra" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-internal" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-selftests-internal" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-selftests-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs-devel" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="perf" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perf-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-perf" release="32.17.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-perf-6.6.0-32.17.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-32.17.v2505.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1280</id>
		<title>关于 krb5 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:14"/>
		<updated date="2026-05-25 18:31:57"/>
		<severity>Moderate</severity>
		<description>关于 krb5 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40356" id="CVE-2026-40356" severity="Moderate" severity_desc="中风险" title="MIT Kerberos 5 (krb5)的gss_accept_sec_context()函数在处理已注册NegoEx机制的系统中存在整数下溢漏洞，该漏洞源于对消息解析时未正确校验数据长度，导致整数下溢并引发越界读取。未经身份验证的远程攻击者可利用此漏洞触发parse_message函数中的进程终止，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="krb5" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="krb5-client" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-client-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-client-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="krb5-devel" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-devel-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-devel-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="krb5-help" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-help-1.21.2-20.p01.ky11.noarch.rpm" version="1.21.2">
					<filename>krb5-help-1.21.2-20.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="krb5-kycompat" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-kycompat-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-kycompat-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="krb5-libs" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-libs-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-libs-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="krb5-server" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/krb5-server-1.21.2-20.p01.ky11.x86_64.rpm" version="1.21.2">
					<filename>krb5-server-1.21.2-20.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1283</id>
		<title>关于 lcms2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:19"/>
		<updated date="2026-05-25 18:32:12"/>
		<severity>Moderate</severity>
		<description>关于 lcms2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41254" id="CVE-2026-41254" severity="Moderate" severity_desc="中风险" title="Little CMS (lcms2) 2.18及之前版本中的cmslut.c文件在CubeSize函数中存在整数溢出漏洞，该漏洞源于在执行乘法运算之后才进行溢出检查，导致攻击者可能通过构造恶意的输入数据触发异常行为，进而可能引发拒绝服务或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42798" id="CVE-2026-42798" severity="Moderate" severity_desc="中风险" title="Little CMS (lcms2)的cmscgats.c文件中的ParseCube函数存在整数溢出漏洞，该漏洞源于对输入数据长度校验不足，在处理特定数据时可能发生整数溢出。攻击者可利用该漏洞导致信息泄露或拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="lcms2" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/lcms2-2.16-3.ky11.x86_64.rpm" version="2.16">
					<filename>lcms2-2.16-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="lcms2-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/lcms2-devel-2.16-3.ky11.x86_64.rpm" version="2.16">
					<filename>lcms2-devel-2.16-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="lcms2-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/lcms2-help-2.16-3.ky11.noarch.rpm" version="2.16">
					<filename>lcms2-help-2.16-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="lcms2-utils" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/lcms2-utils-2.16-3.ky11.x86_64.rpm" version="2.16">
					<filename>lcms2-utils-2.16-3.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1288</id>
		<title>关于 libarchive 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:22"/>
		<updated date="2026-05-25 18:33:10"/>
		<severity>Important</severity>
		<description>关于 libarchive 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4424" id="CVE-2026-4424" severity="Important" severity_desc="高风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在缓冲区错误漏洞，该漏洞源于RAR归档处理逻辑中存在堆越界读取，压缩方法转换后对LZSS滑动窗口大小的验证不当，可能导致远程攻击者通过特制RAR归档泄露敏感堆内存信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4426" id="CVE-2026-4426" severity="Moderate" severity_desc="中风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在安全漏洞，该漏洞源于zisofs解压缩逻辑中存在未定义行为，从ISO9660 Rock Ridge扩展中读取的pz_log2_bs字段验证不当，可能导致远程攻击者通过特制ISO文件造成内存分配错误和应用程序崩溃，引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5121" id="CVE-2026-5121" severity="Important" severity_desc="高风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在安全漏洞，该漏洞源于在32位系统上，zisofs块指针分配逻辑存在整数溢出，可能导致堆缓冲区溢出和执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bsdcat" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdcat-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdcat-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdcpio" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdcpio-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdcpio-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdtar" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdtar-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdtar-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="bsdunzip" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bsdunzip-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>bsdunzip-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libarchive" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>libarchive-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libarchive-devel" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-devel-3.7.1-11.ky11.x86_64.rpm" version="3.7.1">
					<filename>libarchive-devel-3.7.1-11.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libarchive-help" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libarchive-help-3.7.1-11.ky11.noarch.rpm" version="3.7.1">
					<filename>libarchive-help-3.7.1-11.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1289</id>
		<title>关于 libgcrypt 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:22"/>
		<updated date="2026-05-25 18:33:22"/>
		<severity>Moderate</severity>
		<description>关于 libgcrypt 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41989" id="CVE-2026-41989" severity="Moderate" severity_desc="中风险" title="Libgcrypt的gcry_pk_decrypt函数在处理特制的ECDH密文时存在堆缓冲区溢出漏洞，该漏洞源于对输入数据长度及边界校验不充分，导致攻击者可能利用精心构造的密文触发堆缓冲区溢出，进而造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libgcrypt" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libgcrypt-1.10.2-3.p03.ky11.x86_64.rpm" version="1.10.2">
					<filename>libgcrypt-1.10.2-3.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libgcrypt-devel" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libgcrypt-devel-1.10.2-3.p03.ky11.x86_64.rpm" version="1.10.2">
					<filename>libgcrypt-devel-1.10.2-3.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libgcrypt-help" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libgcrypt-help-1.10.2-3.p03.ky11.noarch.rpm" version="1.10.2">
					<filename>libgcrypt-help-1.10.2-3.p03.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1290</id>
		<title>关于 libpng 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:24"/>
		<updated date="2026-05-25 18:33:34"/>
		<severity>Important</severity>
		<description>关于 libpng 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33416" id="CVE-2026-33416" severity="Important" severity_desc="高风险" title="LibPNG 是一个用于读取、创建和操作PNG格式图像文件的参考库。在 libpng 1.2.1–1.6.55 中，png_set_tRNS 与 png_set_PLTE 会在 png_struct 与 png_info 之间共享堆缓冲。释放这些缓冲时会留下悬空指针，后续代码可能访问已释放内存，导致内存破坏或崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33636" id="CVE-2026-33636" severity="Important" severity_desc="高风险" title="Libpng 是一个用于处理 PNG 图像文件的开源库。在 1.6.36 至 1.6.55 版本中，ARM/AArch64 Neon 优化的调色板扩展路径存在缓冲区越界读取和写入漏洞。当将 8 位调色板行扩展为 RGB 或 RGBA 格式时，Neon 循环在处理最后一个不完整块时未验证剩余像素数量是否足够。由于实现从行末尾反向处理，最后一次迭代会访问行缓冲区起始位置之前的内存（越界读取），并将展开的像素数据写入相同的位置（越界写入）。攻击者可通过构造恶意 PNG 文件，在启用 Neon 的设备上触发该漏洞，可能导致信息泄露或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34757" id="CVE-2026-34757" severity="Moderate" severity_desc="中风险" title="libpng 库存在释放后使用漏洞，该漏洞源于在处理 PNG 图像文件时，若将通过 png_get_PLTE、png_get_tRNS 或 png_get_hIST 获取的指针传回同一 png_struct/png_info 对的对应 setter 函数，setter 会在从调用者提供的指针复制内容之前释放内部缓冲区，导致指针悬空并读取已释放的内存。攻击者可利用此缺陷导致元数据静默损坏或堆内存内容泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="libpng" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpng-1.6.40-9.ky11.x86_64.rpm" version="1.6.40">
					<filename>libpng-1.6.40-9.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="libpng-devel" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpng-devel-1.6.40-9.ky11.x86_64.rpm" version="1.6.40">
					<filename>libpng-devel-1.6.40-9.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="libpng-help" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpng-help-1.6.40-9.ky11.noarch.rpm" version="1.6.40">
					<filename>libpng-help-1.6.40-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="libpng-static" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpng-static-1.6.40-9.ky11.x86_64.rpm" version="1.6.40">
					<filename>libpng-static-1.6.40-9.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="libpng-tools" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpng-tools-1.6.40-9.ky11.x86_64.rpm" version="1.6.40">
					<filename>libpng-tools-1.6.40-9.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1291</id>
		<title>关于 libsndfile 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:25"/>
		<updated date="2026-05-25 18:33:46"/>
		<severity>Moderate</severity>
		<description>关于 libsndfile 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-56226" id="CVE-2025-56226" severity="Moderate" severity_desc="中风险" title="Libsndfile的mpeg_l3_encode.c文件中的mpeg_l3_encoder_init()函数存在内存泄漏漏洞，该漏洞源于函数在特定条件下未能正确释放已分配的内存资源。可能导致系统资源消耗增加，影响服务可用性。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libsndfile" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsndfile-1.2.2-4.ky11.x86_64.rpm" version="1.2.2">
					<filename>libsndfile-1.2.2-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsndfile-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsndfile-devel-1.2.2-4.ky11.x86_64.rpm" version="1.2.2">
					<filename>libsndfile-devel-1.2.2-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsndfile-utils" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsndfile-utils-1.2.2-4.ky11.x86_64.rpm" version="1.2.2">
					<filename>libsndfile-utils-1.2.2-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsndfile-utils-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsndfile-utils-help-1.2.2-4.ky11.noarch.rpm" version="1.2.2">
					<filename>libsndfile-utils-help-1.2.2-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1292</id>
		<title>关于 libsodium 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:26"/>
		<updated date="2026-05-25 18:34:00"/>
		<severity>Moderate</severity>
		<description>关于 libsodium 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69277" id="CVE-2025-69277" severity="Moderate" severity_desc="中风险" title="libsodium组件在处理椭圆曲线点有效性检查时存在缺陷，该漏洞源于在crypto_core_ed25519_is_valid_point接口对椭圆曲线点未进行严格校验，导致攻击者可通过提供非主密码学群组的点，破坏加密算法的完整性，可能引发敏感信息泄露或加密通信失效。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libsodium" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsodium-1.0.19-2.ky11.x86_64.rpm" version="1.0.19">
					<filename>libsodium-1.0.19-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsodium-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsodium-devel-1.0.19-2.ky11.x86_64.rpm" version="1.0.19">
					<filename>libsodium-devel-1.0.19-2.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1295</id>
		<title>关于 libsoup 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:27"/>
		<updated date="2026-05-25 18:39:59"/>
		<severity>Important</severity>
		<description>关于 libsoup 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5119" id="CVE-2026-5119" severity="Moderate" severity_desc="中风险" title="libsoup是GNOME项目的一款GNOME的HTTP客户端/服务器库。
libsoup存在安全漏洞，该漏洞源于通过配置的HTTP代理建立HTTPS隧道时，敏感会话cookie在初始HTTP CONNECT请求中以明文传输，可能导致会话劫持或用户冒充。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libsoup" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-2.74.3-10.p03.ky11.x86_64.rpm" version="2.74.3">
					<filename>libsoup-2.74.3-10.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsoup-devel" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-devel-2.74.3-10.p03.ky11.x86_64.rpm" version="2.74.3">
					<filename>libsoup-devel-2.74.3-10.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup-help" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup-help-2.74.3-10.p03.ky11.noarch.rpm" version="2.74.3">
					<filename>libsoup-help-2.74.3-10.p03.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1296</id>
		<title>关于 libsoup3 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:28"/>
		<updated date="2026-05-25 18:40:11"/>
		<severity>Moderate</severity>
		<description>关于 libsoup3 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4476" id="CVE-2025-4476" severity="Moderate" severity_desc="中风险" title="在libsoup HTTP客户端库中发现了一个拒绝服务漏洞。当libsoup客户端接收到包含特定构造的domain参数的401（未授权）HTTP响应时，会触发此缺陷。处理这个格式错误的WWW-Authenticate头部可能导致使用libsoup的客户端应用程序崩溃。攻击者可以通过设置恶意HTTP服务器来利用此漏洞。如果用户的使用易受攻击的libsoup库的应用程序连接到该恶意服务器，则可能导致拒绝服务。成功利用需要诱使用户的客户端应用程序连接到攻击者的恶意服务器。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-46420" id="CVE-2025-46420" severity="Moderate" severity_desc="中风险" title="libsoup存在安全漏洞，该漏洞源于soup_header_parse_quality_list函数解析全零质量列表时存在内存泄漏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4969" id="CVE-2025-4969" severity="Moderate" severity_desc="中风险" title="在 libsoup 包中发现了一个漏洞。该漏洞源于其未能正确验证多部分 HTTP 消息的终止。这可能导致远程攻击者发送特制的多部分 HTTP 主体，从而使使用 libsoup 的服务器读取超出分配的内存边界（越界读取）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libsoup3" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup3-3.4.4-17.ky11.x86_64.rpm" version="3.4.4">
					<filename>libsoup3-3.4.4-17.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libsoup3-devel" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup3-devel-3.4.4-17.ky11.x86_64.rpm" version="3.4.4">
					<filename>libsoup3-devel-3.4.4-17.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup3-help" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libsoup3-help-3.4.4-17.ky11.noarch.rpm" version="3.4.4">
					<filename>libsoup3-help-3.4.4-17.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1297</id>
		<title>关于 libssh2 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:30"/>
		<updated date="2026-05-25 18:40:23"/>
		<severity>Important</severity>
		<description>关于 libssh2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-7598" id="CVE-2026-7598" severity="Important" severity_desc="高风险" title="libssh2的src/userauth.c文件中的userauth_password函数存在整数溢出漏洞，该漏洞源于对参数username_len和password_len的操纵导致整数溢出。攻击者可能远程利用此漏洞，导致部分机密性、完整性和可用性损失。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libssh2" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh2-1.11.0-6.ky11.x86_64.rpm" version="1.11.0">
					<filename>libssh2-1.11.0-6.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libssh2-devel" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh2-devel-1.11.0-6.ky11.x86_64.rpm" version="1.11.0">
					<filename>libssh2-devel-1.11.0-6.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libssh2-help" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libssh2-help-1.11.0-6.ky11.noarch.rpm" version="1.11.0">
					<filename>libssh2-help-1.11.0-6.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1298</id>
		<title>关于 libtasn1 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:30"/>
		<updated date="2026-05-25 18:40:36"/>
		<severity>Important</severity>
		<description>关于 libtasn1 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13151" id="CVE-2025-13151" severity="Important" severity_desc="高风险" title="libtasn1 v4.20.0版本存在安全漏洞，该漏洞源于asn1_expend_octet_string函数未验证输入数据大小，可能导致基于栈的缓冲区溢出。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libtasn1" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtasn1-4.19.0-3.ky11.x86_64.rpm" version="4.19.0">
					<filename>libtasn1-4.19.0-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libtasn1-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtasn1-devel-4.19.0-3.ky11.x86_64.rpm" version="4.19.0">
					<filename>libtasn1-devel-4.19.0-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libtasn1-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtasn1-help-4.19.0-3.ky11.noarch.rpm" version="4.19.0">
					<filename>libtasn1-help-4.19.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1299</id>
		<title>关于 libtheora 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:31"/>
		<updated date="2026-05-25 18:40:49"/>
		<severity>Moderate</severity>
		<description>关于 libtheora 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5673" id="CVE-2026-5673" severity="Moderate" severity_desc="中风险" title="libtheora组件存在堆越界读取漏洞，该漏洞源于在解析AVI（音频视频交错格式）文件时，avi_parse_input_file函数未能正确处理截断的头部子块。攻击者可诱使用户打开恶意构造的AVI文件，从而触发应用程序崩溃导致拒绝服务，或可能从堆中泄露敏感信息。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="libtheora" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtheora-1.1.1-29.ky11.x86_64.rpm" version="1.1.1">
					<filename>libtheora-1.1.1-29.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="libtheora-devel" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtheora-devel-1.1.1-29.ky11.x86_64.rpm" version="1.1.1">
					<filename>libtheora-devel-1.1.1-29.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="libtheora-help" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtheora-help-1.1.1-29.ky11.noarch.rpm" version="1.1.1">
					<filename>libtheora-help-1.1.1-29.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="theora-tools" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/theora-tools-1.1.1-29.ky11.x86_64.rpm" version="1.1.1">
					<filename>theora-tools-1.1.1-29.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1300</id>
		<title>关于 libtiff 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:31"/>
		<updated date="2026-05-25 18:41:01"/>
		<severity>Important</severity>
		<description>关于 libtiff 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4775" id="CVE-2026-4775" severity="Important" severity_desc="高风险" title="libtiff库中的putcontig8bitYCbCr44tile函数存在符号整数溢出漏洞，远程攻击者通过提供特制的TIFF文件可触发该漏洞。该漏洞由于内存指针计算错误，可导致堆越界写入，可能造成拒绝服务（应用程序崩溃）或任意代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libtiff" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtiff-4.6.0-7.ky11.x86_64.rpm" version="4.6.0">
					<filename>libtiff-4.6.0-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libtiff-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtiff-devel-4.6.0-7.ky11.x86_64.rpm" version="4.6.0">
					<filename>libtiff-devel-4.6.0-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libtiff-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtiff-help-4.6.0-7.ky11.noarch.rpm" version="4.6.0">
					<filename>libtiff-help-4.6.0-7.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libtiff-static" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtiff-static-4.6.0-7.ky11.x86_64.rpm" version="4.6.0">
					<filename>libtiff-static-4.6.0-7.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libtiff-tools" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libtiff-tools-4.6.0-7.ky11.x86_64.rpm" version="4.6.0">
					<filename>libtiff-tools-4.6.0-7.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1301</id>
		<title>关于 libX11 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:32"/>
		<updated date="2026-05-25 18:41:16"/>
		<severity>Important</severity>
		<description>关于 libX11 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-26597" id="CVE-2025-26597" severity="Important" severity_desc="高风险" title="X.Org与Xwayland的XkbChangeTypesOfKey()函数存在缓冲区溢出漏洞，该漏洞源于当函数被以0组参数调用时，会错误地将键符号表大小调整为0，但未同步更新键操作数组的大小。若后续再次以非零组参数调用同一函数，由于键操作数组大小不匹配，将导致缓冲区溢出，可能造成程序崩溃或执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libX11" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libX11-1.8.7-3.ky11.x86_64.rpm" version="1.8.7">
					<filename>libX11-1.8.7-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libX11-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libX11-devel-1.8.7-3.ky11.x86_64.rpm" version="1.8.7">
					<filename>libX11-devel-1.8.7-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libX11-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libX11-help-1.8.7-3.ky11.noarch.rpm" version="1.8.7">
					<filename>libX11-help-1.8.7-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1309</id>
		<title>关于 mutt 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:38"/>
		<updated date="2026-05-25 18:42:52"/>
		<severity>Low</severity>
		<description>关于 mutt 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43859" id="CVE-2026-43859" severity="Low" severity_desc="低风险" title="mutt是mutt开源的一个从终端发送邮件的命令行电子邮件客户端。
mutt 2.3.2之前版本存在安全漏洞，该漏洞源于有时对IMAP auth_cram MD5摘要使用strfcpy而非memcpy。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43861" id="CVE-2026-43861" severity="Low" severity_desc="低风险" title="Mutt的url_pct_decode函数存在空字节检查缺失漏洞，该漏洞源于在版本2.3.2之前，Mutt在处理URL百分号编码解码时未对解码结果中的空字节（'\0'）进行有效性检查。攻击者可能利用此缺陷构造特制的URL，导致Mutt在处理时产生非预期的字符串截断，进而可能影响后续的URL处理逻辑，造成信息泄露或绕过安全限制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43862" id="CVE-2026-43862" severity="Low" severity_desc="低风险" title="mutt是mutt开源的一个从终端发送邮件的命令行电子邮件客户端。
mutt 2.3.2之前版本存在安全漏洞，该漏洞源于imap_auth_gss安全级别处理不当。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43863" id="CVE-2026-43863" severity="Low" severity_desc="低风险" title="Mutt的crypt-gpgme.c模块中的data_object_to_stream函数存在无限循环漏洞，该漏洞源于对特定数据对象的处理逻辑缺陷。可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43864" id="CVE-2026-43864" severity="Low" severity_desc="低风险" title="Mutt的show_sig_summary功能存在空指针解引用漏洞，该漏洞源于在处理签名摘要时未对指针进行有效性检查，导致在特定条件下触发空指针解引用。可能导致程序崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="5" name="mutt" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mutt-2.2.12-4.ky11.x86_64.rpm" version="2.2.12">
					<filename>mutt-2.2.12-4.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="5" name="mutt-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/mutt-help-2.2.12-4.ky11.noarch.rpm" version="2.2.12">
					<filename>mutt-help-2.2.12-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1310</id>
		<title>关于 nano 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:39"/>
		<updated date="2026-05-25 18:43:05"/>
		<severity>Moderate</severity>
		<description>关于 nano 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6842" id="CVE-2026-6842" severity="Low" severity_desc="低风险" title="nano的`~/.local`目录存在权限设置不当漏洞，该漏洞源于在宽松的umask设置环境下，目录权限被错误地设置为0777而非0700。本地攻击者可利用此不正确的目录权限注入恶意的`.desktop`启动器，若该启动器后续被处理，可能导致意外操作或信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="nano" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nano-8.0-2.ky11.x86_64.rpm" version="8.0">
					<filename>nano-8.0-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="nano-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nano-help-8.0-2.ky11.noarch.rpm" version="8.0">
					<filename>nano-help-8.0-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1311</id>
		<title>关于 NetworkManager 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:41"/>
		<updated date="2026-05-25 18:43:17"/>
		<severity>Low</severity>
		<description>关于 NetworkManager 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9615" id="CVE-2025-9615" severity="Low" severity_desc="低风险" title="NetworkManager的权限管理功能存在权限管理不当漏洞，该漏洞源于NetworkManager允许非root用户配置系统网络，但守护进程以root权限运行，且未正确校验对用户文件的访问权限，导致可能访问属于其他用户的文件，进而造成低权限的敏感信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="NetworkManager" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-bluetooth" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-bluetooth-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-bluetooth-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-cloud-setup" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-cloud-setup-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-cloud-setup-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="NetworkManager-config-server" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-config-server-1.44.2-3.p04.ky11.noarch.rpm" version="1.44.2">
					<filename>NetworkManager-config-server-1.44.2-3.p04.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="NetworkManager-help" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-help-1.44.2-3.p04.ky11.noarch.rpm" version="1.44.2">
					<filename>NetworkManager-help-1.44.2-3.p04.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-libnm" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-libnm-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-libnm-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-libnm-devel" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-libnm-devel-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-libnm-devel-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-ppp" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-ppp-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-ppp-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-team" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-team-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-team-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-wifi" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-wifi-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-wifi-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="NetworkManager-wwan" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/NetworkManager-wwan-1.44.2-3.p04.ky11.x86_64.rpm" version="1.44.2">
					<filename>NetworkManager-wwan-1.44.2-3.p04.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1312</id>
		<title>关于 ntfs-3g 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:42"/>
		<updated date="2026-05-25 18:43:30"/>
		<severity>Important</severity>
		<description>关于 ntfs-3g 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40706" id="CVE-2026-40706" severity="Important" severity_desc="高风险" title="NTFS-3G组件存在堆缓冲区溢出漏洞，该漏洞源于在处理NTFS镜像文件时，函数ntfs_build_permissions_posix()未能正确验证安全描述符中的访问控制项（ACE），当读取包含多个具有WRITE_OWNER权限的ACCESS_DENIED ACE（来自不同组SID）的安全描述符时会触发堆溢出。攻击者可通过构造恶意的NTFS镜像，在以SUID-root权限运行的ntfs-3g二进制程序中引发堆内存损坏，进而可能实现任意代码执行或导致服务拒绝。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="ntfs-3g" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ntfs-3g-2022.10.3-3.ky11.x86_64.rpm" version="2022.10.3">
					<filename>ntfs-3g-2022.10.3-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="ntfs-3g-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ntfs-3g-devel-2022.10.3-3.ky11.x86_64.rpm" version="2022.10.3">
					<filename>ntfs-3g-devel-2022.10.3-3.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="ntfs-3g-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ntfs-3g-help-2022.10.3-3.ky11.x86_64.rpm" version="2022.10.3">
					<filename>ntfs-3g-help-2022.10.3-3.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1314</id>
		<title>关于 openvswitch 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:43"/>
		<updated date="2026-05-25 18:43:56"/>
		<severity>Moderate</severity>
		<description>关于 openvswitch 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34956" id="CVE-2026-34956" severity="Moderate" severity_desc="中风险" title="Open vSwitch 的用户态连接跟踪模块在处理特定构造的FTP报文时存在堆溢出漏洞，该漏洞源于在复制FTP子字符串时发生类型窄化，导致非法内存访问。攻击者可利用此漏洞通过发送恶意构造的FTP流量引发拒绝服务或可能的远程代码执行。触发该漏洞需要配置了FTP ALG处理器的连接跟踪规则，而默认情况下ALG处理器不会自动应用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="network-scripts-openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/network-scripts-openvswitch-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>network-scripts-openvswitch-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>openvswitch-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvswitch-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-devel-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>openvswitch-devel-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvswitch-dpdk" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-dpdk-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>openvswitch-dpdk-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvswitch-ipsec" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-ipsec-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>openvswitch-ipsec-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openvswitch-test" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-test-3.2.1-5.ky11.noarch.rpm" version="3.2.1">
					<filename>openvswitch-test-3.2.1-5.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="openvswitch-testcontroller" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/openvswitch-testcontroller-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>openvswitch-testcontroller-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-openvswitch-3.2.1-5.ky11.x86_64.rpm" version="3.2.1">
					<filename>python3-openvswitch-3.2.1-5.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1315</id>
		<title>关于 pdfbox 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:44"/>
		<updated date="2026-05-25 18:44:09"/>
		<severity>Moderate</severity>
		<description>关于 pdfbox 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33929" id="CVE-2026-33929" severity="Moderate" severity_desc="中风险" title="Apache PDFBox的ExtractEmbeddedFiles示例存在路径遍历漏洞，该漏洞源于对文件路径分隔符的校验不完善，导致在2.0.24至2.0.36及3.0.0至3.0.7版本中，具有特定目录写入权限的用户可能因恶意PDF文件而将文件写入以该目录开头的任意路径，例如具有/home/ABC写入权限的用户可能写入/home/ABCDEF路径。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="fontbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/fontbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>fontbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-debugger" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-debugger-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-debugger-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-javadoc" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-javadoc-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-javadoc-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-parent" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-parent-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-parent-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-reactor" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-reactor-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-reactor-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-tools" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/pdfbox-tools-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-tools-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="preflight" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/preflight-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>preflight-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="xmpbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/xmpbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>xmpbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1317</id>
		<title>关于 postfix 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:47"/>
		<updated date="2026-05-25 18:44:35"/>
		<severity>Low</severity>
		<description>关于 postfix 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43964" id="CVE-2026-43964" severity="Low" severity_desc="低风险" title="Postfix是Postfix开源的一个邮件传输代理软件。
Postfix存在安全漏洞，该漏洞源于增强状态码在第三位数字后缺少文本，可能导致缓冲区过度读取和进程崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="postfix" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/postfix-3.8.4-2.ky11.x86_64.rpm" version="3.8.4">
					<filename>postfix-3.8.4-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="postfix-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/postfix-help-3.8.4-2.ky11.noarch.rpm" version="3.8.4">
					<filename>postfix-help-3.8.4-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="postfix-perl-scripts" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/postfix-perl-scripts-3.8.4-2.ky11.x86_64.rpm" version="3.8.4">
					<filename>postfix-perl-scripts-3.8.4-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="postfix-pgsql" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/postfix-pgsql-3.8.4-2.ky11.x86_64.rpm" version="3.8.4">
					<filename>postfix-pgsql-3.8.4-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="postfix-sysvinit" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/postfix-sysvinit-3.8.4-2.ky11.noarch.rpm" version="3.8.4">
					<filename>postfix-sysvinit-3.8.4-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1326</id>
		<title>关于 python-ecdsa 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:51:55"/>
		<updated date="2026-05-25 18:46:04"/>
		<severity>Moderate</severity>
		<description>关于 python-ecdsa 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4539" id="CVE-2026-4539" severity="Low" severity_desc="低风险" title="Pygments语法高亮库的`pygments/lexers/archetype.py`文件中的`AdlLexer`函数存在正则表达式拒绝服务漏洞，该漏洞源于该函数使用了低效的正则表达式。攻击者可通过本地访问利用此漏洞发起拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="python3-ecdsa" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-ecdsa-0.18.0-2.p01.ky11.noarch.rpm" version="0.18.0">
					<filename>python3-ecdsa-0.18.0-2.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-ecdsa-help" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-ecdsa-help-0.18.0-2.p01.ky11.noarch.rpm" version="0.18.0">
					<filename>python-ecdsa-help-0.18.0-2.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1331</id>
		<title>关于 python-pygments 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:03"/>
		<updated date="2026-05-25 18:11:03"/>
		<severity>Low</severity>
		<description>关于 python-pygments 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4539" id="CVE-2026-4539" severity="Low" severity_desc="低风险" title="Pygments语法高亮库的`pygments/lexers/archetype.py`文件中的`AdlLexer`函数存在正则表达式拒绝服务漏洞，该漏洞源于该函数使用了低效的正则表达式。攻击者可通过本地访问利用此漏洞发起拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="python3-pygments" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-pygments-2.17.2-2.ky11.noarch.rpm" version="2.17.2">
					<filename>python3-pygments-2.17.2-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pygments-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-pygments-help-2.17.2-2.ky11.noarch.rpm" version="2.17.2">
					<filename>python-pygments-help-2.17.2-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1334</id>
		<title>关于 python-requests 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:05"/>
		<updated date="2026-05-25 18:11:17"/>
		<severity>Moderate</severity>
		<description>关于 python-requests 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25645" id="CVE-2026-25645" severity="Moderate" severity_desc="中风险" title="Requests是Python基金会的一个优雅而简单的HTTP库。通过请求，您可以非常轻松地发送HTTP / 1.1请求。无需将查询字符串手动添加到您的URL，也无需对POST数据进行表单编码。
Requests 2.33.0之前版本存在安全漏洞，该漏洞源于extract_zipped_paths函数使用可预测文件名，可能导致本地攻击者加载恶意文件。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="python3-requests" release="5.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-requests-2.31.0-5.p01.ky11.noarch.rpm" version="2.31.0">
					<filename>python3-requests-2.31.0-5.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-requests-help" release="5.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python-requests-help-2.31.0-5.p01.ky11.noarch.rpm" version="2.31.0">
					<filename>python-requests-help-2.31.0-5.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1339</id>
		<title>关于 qt5-qtsvg 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:08"/>
		<updated date="2026-05-25 18:12:00"/>
		<severity>Moderate</severity>
		<description>关于 qt5-qtsvg 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-10729" id="CVE-2025-10729" severity="Moderate" severity_desc="中风险" title="Qt存在安全漏洞，该漏洞源于解析非结构节点子节点的模式节点可能导致释放后重用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="qt5-qtsvg" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/qt5-qtsvg-5.15.10-1.p01.ky11.x86_64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-5.15.10-1.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="qt5-qtsvg-devel" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/qt5-qtsvg-devel-5.15.10-1.p01.ky11.x86_64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-devel-5.15.10-1.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="qt5-qtsvg-examples" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/qt5-qtsvg-examples-5.15.10-1.p01.ky11.x86_64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-examples-5.15.10-1.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1347</id>
		<title>关于 sudo 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:16"/>
		<updated date="2026-05-25 18:08:52"/>
		<severity>Important</severity>
		<description>关于 sudo 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35535" id="CVE-2026-35535" severity="Important" severity_desc="高风险" title="Sudo组件在降权运行邮件程序之前，未能正确检查setuid、setgid或setgroups系统调用的返回值。当这些调用失败时，Sudo未将其视为致命错误，导致可能仍然保留了较高的权限。攻击者可利用该漏洞在本地系统上实现权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="sudo" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/sudo-1.9.15p5-4.p01.ky11.x86_64.rpm" version="1.9.15p5">
					<filename>sudo-1.9.15p5-4.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="sudo-devel" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/sudo-devel-1.9.15p5-4.p01.ky11.x86_64.rpm" version="1.9.15p5">
					<filename>sudo-devel-1.9.15p5-4.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="sudo-help" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/sudo-help-1.9.15p5-4.p01.ky11.noarch.rpm" version="1.9.15p5">
					<filename>sudo-help-1.9.15p5-4.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1349</id>
		<title>关于 texlive-base 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:19"/>
		<updated date="2026-05-25 18:08:17"/>
		<severity>Moderate</severity>
		<description>关于 texlive-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-32668" id="CVE-2023-32668" severity="Moderate" severity_desc="中风险" title="LuaTeX 存在安全漏洞。在LuaTeX 1.17.0 之前的版本允许使用默认设置编译的文档发出任意网络请求。这是因为默认情况下完全访问 socket 库被许可，正如文档中所述。这也影响到 2023 r66984 版本之前的 TeX Live 和 23.5 版本之前的 MiKTeX。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="9" name="texlive-a2ping" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-a2ping-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-a2ping-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-accfonts" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-accfonts-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-accfonts-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-adhocfilelist" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-adhocfilelist-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-adhocfilelist-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-afm2pl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-afm2pl-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-afm2pl-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-albatross" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-albatross-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-albatross-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-aleph" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-aleph-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-aleph-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-amstex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-amstex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-amstex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-arara" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-arara-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-arara-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-attachfile2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-attachfile2-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-attachfile2-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-authorindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-authorindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-authorindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-autosp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-autosp-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-autosp-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-axodraw2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-axodraw2-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-axodraw2-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-base" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-base-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-base-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bib2gls" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bib2gls-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bib2gls-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bibexport" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bibexport-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bibexport-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-bibtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bibtex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-bibtex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-bibtex8" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bibtex8-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-bibtex8-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-bibtexu" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bibtexu-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-bibtexu-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bundledoc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-bundledoc-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bundledoc-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cachepic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cachepic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cachepic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-checkcites" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-checkcites-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-checkcites-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-checklistings" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-checklistings-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-checklistings-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-chklref" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-chklref-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-chklref-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-chktex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-chktex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-chktex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-cjkutils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cjkutils-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-cjkutils-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-clojure-pamphlet" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-clojure-pamphlet-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-clojure-pamphlet-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cluttex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cluttex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cluttex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-context" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-context-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-context-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-context-doc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-context-doc-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-context-doc-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-convbkmk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-convbkmk-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-convbkmk-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-crossrefware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-crossrefware-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-crossrefware-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cslatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cslatex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cslatex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-csplain" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-csplain-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-csplain-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanbib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ctanbib-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanbib-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanify" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ctanify-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanify-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctan-o-mat" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ctan-o-mat-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctan-o-mat-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanupload" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ctanupload-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanupload-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-ctie" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ctie-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-ctie-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-cweb" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cweb-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-cweb-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cyrillic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-cyrillic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cyrillic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-de-macro" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-de-macro-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-de-macro-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-detex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-detex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-detex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-diadia" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-diadia-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-diadia-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dosepsbin" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dosepsbin-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dosepsbin-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dtl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dtl-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dtl-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dtxgen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dtxgen-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dtxgen-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvi2tty" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvi2tty-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvi2tty-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dviasm" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dviasm-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dviasm-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvicopy" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvicopy-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvicopy-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvidvi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvidvi-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvidvi-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dviinfox" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dviinfox-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dviinfox-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dviljk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dviljk-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dviljk-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dviout-util" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dviout-util-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dviout-util-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvipdfmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvipdfmx-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvipdfmx-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvipng" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvipng-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvipng-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvipos" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvipos-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvipos-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvips" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvips-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvips-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-dvisvgm" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-dvisvgm-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-dvisvgm-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ebong" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ebong-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ebong-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-eplain" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-eplain-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-eplain-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-epspdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-epspdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-epspdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-epstopdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-epstopdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-epstopdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-exceltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-exceltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-exceltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fig4latex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-fig4latex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fig4latex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-findhyph" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-findhyph-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-findhyph-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fontinst" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-fontinst-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fontinst-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fontools" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-fontools-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fontools-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-fontware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-fontware-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-fontware-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fragmaster" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-fragmaster-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fragmaster-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-getmap" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-getmap-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-getmap-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-git-latexdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-git-latexdiff-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-git-latexdiff-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-glossaries" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-glossaries-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-glossaries-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-glyphlist" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-glyphlist-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-glyphlist-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-gregoriotex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-gregoriotex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-gregoriotex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-gsftopk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-gsftopk-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-gsftopk-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-hyperxmp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-hyperxmp-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-hyperxmp-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-installfont" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-installfont-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-installfont-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-jadetex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-jadetex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-jadetex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-jfmutil" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-jfmutil-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-jfmutil-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ketcindy" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ketcindy-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ketcindy-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-kotex-utils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-kotex-utils-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-kotex-utils-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-kpathsea" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-kpathsea-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-kpathsea-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-l3build" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-l3build-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-l3build-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-lacheck" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lacheck-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-lacheck-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex2man" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latex2man-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex2man-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex2nemeth" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latex2nemeth-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex2nemeth-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latexdiff-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexdiff-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexfileversion" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latexfileversion-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexfileversion-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex-git-log" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latex-git-log-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-git-log-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexindent" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latexindent-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexindent-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexpand" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latexpand-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexpand-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex-papersize" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-latex-papersize-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-papersize-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-lcdftypetools" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lcdftypetools-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-lcdftypetools-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-lib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lib-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-lib-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-lib-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lib-devel-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-lib-devel-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-light-latex-make" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-light-latex-make-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-light-latex-make-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lilyglyphs" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lilyglyphs-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lilyglyphs-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-listbib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-listbib-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-listbib-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-listings-ext" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-listings-ext-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-listings-ext-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lollipop" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lollipop-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lollipop-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ltxfileinfo" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ltxfileinfo-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ltxfileinfo-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ltximg" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ltximg-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ltximg-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-luahbtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-luahbtex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-luahbtex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-luajittex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-luajittex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-luajittex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-luaotfload" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-luaotfload-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-luaotfload-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-luatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-luatex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-luatex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lwarp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lwarp-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lwarp-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lyluatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-lyluatex-svn47584-13.ky11.noarch.rpm" version="svn47584">
					<filename>texlive-lyluatex-svn47584-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-make4ht" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-make4ht-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-make4ht-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-makedtx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-makedtx-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-makedtx-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-makeindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-makeindex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-makeindex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-match_parens" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-match_parens-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-match_parens-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mathspic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mathspic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mathspic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-metafont" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-metafont-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-metafont-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-metapost" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-metapost-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-metapost-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mf2pt1" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mf2pt1-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mf2pt1-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-mflua" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mflua-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-mflua-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-mfware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mfware-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-mfware-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkgrkindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mkgrkindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkgrkindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkjobtexmf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mkjobtexmf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkjobtexmf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkpic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mkpic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkpic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mptopdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-mptopdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mptopdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-m-tx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-m-tx-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-m-tx-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-multibibliography" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-multibibliography-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-multibibliography-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-musixtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-musixtex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-musixtex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-musixtnt" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-musixtnt-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-musixtnt-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-oberdiek" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-oberdiek-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-oberdiek-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-omegaware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-omegaware-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-omegaware-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-optex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-optex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-optex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-patgen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-patgen-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-patgen-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pax" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pax-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pax-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfbook2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdfbook2-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfbook2-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfcrop" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdfcrop-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfcrop-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfjam" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdfjam-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfjam-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdflatexpicscale" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdflatexpicscale-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdflatexpicscale-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-pdftex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdftex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-pdftex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdftex-quiet" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdftex-quiet-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdftex-quiet-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-pdftosrc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdftosrc-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-pdftosrc-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfxup" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pdfxup-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfxup-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pedigree-perl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pedigree-perl-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pedigree-perl-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-perltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-perltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-perltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-petri-nets" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-petri-nets-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-petri-nets-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pfarrei" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pfarrei-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pfarrei-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pkfix" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pkfix-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pkfix-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pkfix-helper" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pkfix-helper-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pkfix-helper-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-pmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pmx-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-pmx-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pmxchords" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pmxchords-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pmxchords-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-ps2eps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ps2eps-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-ps2eps-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-ps2pk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ps2pk-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-ps2pk-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pst2pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pst2pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pst2pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pst-pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pst-pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pst-pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-ptex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ptex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-ptex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ptex2pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ptex2pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ptex2pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ptex-fontmaps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ptex-fontmaps-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ptex-fontmaps-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-purifyeps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-purifyeps-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-purifyeps-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pygmentex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pygmentex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pygmentex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pythontex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-pythontex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pythontex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-rubik" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-rubik-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-rubik-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-seetexk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-seetexk-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-seetexk-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-spix" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-spix-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-spix-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-splitindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-splitindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-splitindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-srcredact" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-srcredact-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-srcredact-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-sty2dtx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-sty2dtx-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-sty2dtx-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-svn-multi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-svn-multi-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-svn-multi-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-synctex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-synctex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-synctex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-tex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-tex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-tex4ebook" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tex4ebook-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-tex4ebook-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-tex4ht" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tex4ht-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-tex4ht-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texcount" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texcount-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texcount-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdef" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texdef-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdef-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texdiff-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdiff-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdirflatten" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texdirflatten-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdirflatten-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdoc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texdoc-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdoc-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdoctk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texdoctk-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdoctk-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texfot" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texfot-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texfot-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-en" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texlive-en-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-en-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive.infra" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texlive.infra-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive.infra-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texliveonfly" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texliveonfly-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texliveonfly-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-scripts" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texlive-scripts-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-scripts-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-scripts-extra" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texlive-scripts-extra-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-scripts-extra-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texloganalyser" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texloganalyser-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texloganalyser-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texosquery" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texosquery-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texosquery-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texplate" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texplate-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texplate-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texsis" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texsis-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texsis-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-texware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-texware-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-texware-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-thumbpdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-thumbpdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-thumbpdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-tie" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tie-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-tie-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-tikztosvg" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tikztosvg-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-tikztosvg-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-tpic2pdftex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-tpic2pdftex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-tpic2pdftex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-ttfutils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ttfutils-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-ttfutils-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-typeoutfileinfo" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-typeoutfileinfo-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-typeoutfileinfo-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ulqda" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-ulqda-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ulqda-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-uptex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-uptex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-uptex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-urlbst" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-urlbst-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-urlbst-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-velthuis" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-velthuis-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-velthuis-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-vlna" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-vlna-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-vlna-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-vpe" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-vpe-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-vpe-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-web" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-web-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-web-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-webquiz" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-webquiz-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-webquiz-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-wordcount" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-wordcount-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-wordcount-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-xdvi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xdvi-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-xdvi-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-xetex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xetex-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-xetex-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-xindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-xindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-xml2pmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xml2pmx-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-xml2pmx-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-xmltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xmltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-xmltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="9" name="texlive-xpdfopen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-xpdfopen-20210325-13.ky11.x86_64.rpm" version="20210325">
					<filename>texlive-xpdfopen-20210325-13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-yplan" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/texlive-yplan-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-yplan-20210325-13.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1351</id>
		<title>关于 tomcat 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:20"/>
		<updated date="2026-05-25 18:07:51"/>
		<severity>Moderate</severity>
		<description>关于 tomcat 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34500" id="CVE-2026-34500" severity="Moderate" severity_desc="中风险" title="Apache Tomcat 11.0.0-M14至11.0.20版本、10.1.22至10.1.53版本和9.0.92至9.0.116版本存在安全漏洞，该漏洞源于当软故障禁用且使用FFM时，CLIENT_CERT身份验证在某些场景下未按预期失败。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="1" name="tomcat" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/tomcat-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="tomcat-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/tomcat-help-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-help-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="tomcat-jsvc" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/tomcat-jsvc-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-jsvc-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1352</id>
		<title>关于 uriparser 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:21"/>
		<updated date="2026-05-25 18:07:35"/>
		<severity>Moderate</severity>
		<description>关于 uriparser 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42371" id="CVE-2026-42371" severity="Moderate" severity_desc="中风险" title="在 1.0.1 版本之前的 uriparser 中，文本范围比较存在数值截断问题，如果应用程序接受长度为千兆字节的 URI，则可能导致漏洞。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="uriparser" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/uriparser-1.0.1-2.ky11.x86_64.rpm" version="1.0.1">
					<filename>uriparser-1.0.1-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="uriparser-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/uriparser-devel-1.0.1-2.ky11.x86_64.rpm" version="1.0.1">
					<filename>uriparser-devel-1.0.1-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="uriparser-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/uriparser-help-1.0.1-2.ky11.noarch.rpm" version="1.0.1">
					<filename>uriparser-help-1.0.1-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1354</id>
		<title>关于 vim 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:22"/>
		<updated date="2026-05-25 18:07:07"/>
		<severity>Moderate</severity>
		<description>关于 vim 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41411" id="CVE-2026-41411" severity="Moderate" severity_desc="中风险" title="Vim 是一个开源的命令行文本编辑器。在 9.2.0357 版本之前，Vim 的标签文件处理功能中存在命令注入漏洞。当解析标签时，标签文件中的 filename 字段会经过通配符扩展来解析环境变量和通配符。如果 filename 字段包含反引号语法（例如 `command`），Vim 会通过系统 shell 执行嵌入的命令，并以当前运行用户的完整权限执行该命令。攻击者可利用此漏洞在目标系统上执行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="2" name="vim-common" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-common-9.0.2092-32.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-common-9.0.2092-32.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-enhanced" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-enhanced-9.0.2092-32.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-enhanced-9.0.2092-32.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="vim-filesystem" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-filesystem-9.0.2092-32.ky11.noarch.rpm" version="9.0.2092">
					<filename>vim-filesystem-9.0.2092-32.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-minimal" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-minimal-9.0.2092-32.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-minimal-9.0.2092-32.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="2" name="vim-X11" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/vim-X11-9.0.2092-32.ky11.x86_64.rpm" version="9.0.2092">
					<filename>vim-X11-9.0.2092-32.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1357</id>
		<title>关于 wireshark 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:26"/>
		<updated date="2026-05-25 18:05:38"/>
		<severity>Moderate</severity>
		<description>关于 wireshark 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5656" id="CVE-2026-5656" severity="Important" severity_desc="高风险" title="Wireshark的配置文件导入功能存在路径遍历漏洞，该漏洞源于对用户提供的文件路径未进行充分校验。攻击者可利用此漏洞，通过诱导用户导入特制的配置文件，实现目录遍历，进而可能导致拒绝服务或任意代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="wireshark" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/wireshark-4.4.15-1.ky11.x86_64.rpm" version="4.4.15">
					<filename>wireshark-4.4.15-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="wireshark-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/wireshark-devel-4.4.15-1.ky11.x86_64.rpm" version="4.4.15">
					<filename>wireshark-devel-4.4.15-1.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="wireshark-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/wireshark-help-4.4.15-1.ky11.noarch.rpm" version="4.4.15">
					<filename>wireshark-help-4.4.15-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1358</id>
		<title>关于 xnio 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 12:52:28"/>
		<updated date="2026-05-25 18:13:41"/>
		<severity>Moderate</severity>
		<description>关于 xnio 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2022-0084" id="CVE-2022-0084" severity="Moderate" severity_desc="中风险" title="在XNIO中发现了一个缺陷，特别是在notifyReadClosed方法中。该问题显示此方法正在将消息记录到另一个预期的终端。此漏洞允许攻击者向服务器发送有缺陷的请求，可能导致与日志争用相关的性能问题或不必要的磁盘填充。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="xnio" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/xnio-3.4.0-12.ky11.noarch.rpm" version="3.4.0">
					<filename>xnio-3.4.0-12.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="xnio-help" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/xnio-help-3.4.0-12.ky11.noarch.rpm" version="3.4.0">
					<filename>xnio-help-3.4.0-12.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1364</id>
		<title>关于 curl 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 18:50:08"/>
		<updated date="2026-06-01 16:29:31"/>
		<severity>Moderate</severity>
		<description>关于 curl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1965" id="CVE-2026-1965" severity="Moderate" severity_desc="中风险" title="libcurl的连接复用池在处理Negotiate认证的HTTP或HTTPS请求时存在逻辑错误，导致后续请求可能错误地复用已存在的、使用不同用户凭据进行认证的连接。具体而言，当应用程序先后使用不同凭据（如user1:password1和user2:password2）向同一服务器发起Negotiate认证请求时，若前一个连接仍存活，第二个请求会错误复用该连接，并误以为已使用新凭据完成认证，实际上仍在使用第一个用户的认证状态。该漏洞源于代码中对连接复用条件的校验逻辑缺陷，以及Negotiate协议认证连接而非请求的特性与HTTP设计的不一致。攻击者利用此漏洞可导致应用程序在不知情下使用错误的用户凭据发送请求，造成身份混淆和潜在的越权操作。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3783" id="CVE-2026-3783" severity="Moderate" severity_desc="中风险" title="curl组件在处理使用OAuth2 bearer token进行HTTP(S)传输时存在安全漏洞，当该传输被重定向到第二个URL时，在特定条件下curl可能会将认证令牌泄露给第二个主机名。如果第一次请求重定向的目标主机在.netrc文件中有配置信息（使用`machine`或`default`关键字），curl会将在第一个主机设置的bearer token也传递给第二个主机，从而造成认证凭证的意外泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3784" id="CVE-2026-3784" severity="Moderate" severity_desc="中风险" title="curl的HTTP代理连接管理功能存在凭证重用漏洞，该漏洞源于curl在复用现有HTTP代理连接（通过CONNECT方法建立）时，未正确校验新请求中使用的HTTP代理凭证是否与原有连接一致。可能导致后续请求错误地复用先前已建立的代理连接，即使新请求使用了不同的代理认证凭据，从而引发信息泄露或权限绕过风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="curl" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/curl-8.4.0-26.p03.ky11.x86_64.rpm" version="8.4.0">
					<filename>curl-8.4.0-26.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="curl-help" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/curl-help-8.4.0-26.p03.ky11.noarch.rpm" version="8.4.0">
					<filename>curl-help-8.4.0-26.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libcurl" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libcurl-8.4.0-26.p03.ky11.x86_64.rpm" version="8.4.0">
					<filename>libcurl-8.4.0-26.p03.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libcurl-devel" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libcurl-devel-8.4.0-26.p03.ky11.x86_64.rpm" version="8.4.0">
					<filename>libcurl-devel-8.4.0-26.p03.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1371</id>
		<title>关于 jython 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 18:50:10"/>
		<updated date="2026-05-25 18:14:53"/>
		<severity>Moderate</severity>
		<description>关于 jython 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-6069" id="CVE-2025-6069" severity="Moderate" severity_desc="中风险" title="CPython的html.parser.HTMLParser类在处理特定构造的畸形输入时存在低效正则表达式漏洞，该漏洞源于算法复杂度为最坏情况下的二次方，导致处理时间随输入长度呈指数级增长。可能导致攻击者利用此漏洞发起拒绝服务攻击，造成服务资源耗尽。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="jython" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jython-2.7.1-3.ky11.noarch.rpm" version="2.7.1">
					<filename>jython-2.7.1-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jython-demo" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jython-demo-2.7.1-3.ky11.noarch.rpm" version="2.7.1">
					<filename>jython-demo-2.7.1-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jython-javadoc" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/jython-javadoc-2.7.1-3.ky11.noarch.rpm" version="2.7.1">
					<filename>jython-javadoc-2.7.1-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1389</id>
		<title>关于 libXpm 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-19 18:50:18"/>
		<updated date="2026-05-25 17:12:47"/>
		<severity>Important</severity>
		<description>关于 libXpm 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4367" id="CVE-2026-4367" severity="Important" severity_desc="高风险" title="X.org libXpm库在3.5.4及之前版本中存在安全漏洞，该漏洞源于在处理图像数据时未能正确验证缓冲区边界，导致产品会读取超出预期缓冲区起始或结束位置的数据。攻击者可利用此漏洞读取敏感内存信息，从而对机密性造成影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libXpm" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libXpm-3.5.17-2.ky11.x86_64.rpm" version="3.5.17">
					<filename>libXpm-3.5.17-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libXpm-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libXpm-devel-3.5.17-2.ky11.x86_64.rpm" version="3.5.17">
					<filename>libXpm-devel-3.5.17-2.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libXpm-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libXpm-help-3.5.17-2.ky11.noarch.rpm" version="3.5.17">
					<filename>libXpm-help-3.5.17-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1397</id>
		<title>关于 box-utils 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:08:59"/>
		<updated date="2026-05-25 03:35:39"/>
		<severity>Important</severity>
		<description>关于 box-utils 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0408" id="KVE-2026-0408" severity="Important" severity_desc="高风险" title="普通用户被错误授权对 /root 目录执行 mount/umount2 操作，可通过绑定挂载覆盖 /root 下的文件。虽然挂载后的文件仍保持普通用户权限，但可劫持 root 用户的登录脚本（如 .bashrc），导致以 root 身份执行任意命令实现提权。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0422" id="KVE-2026-0422" severity="Low" severity_desc="低风险" title="box-utils组件存在命令注入漏洞，该漏洞源于可通过恶意命名的box名，在后续mount流程中注入shell命令，最终导致操作系统以当前用户权限执行系统命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="box-utils" release="2.se.14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/box-utils-4.0.3-2.se.14.ky11.x86_64.rpm" version="4.0.3">
					<filename>box-utils-4.0.3-2.se.14.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libbox1" release="2.se.14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libbox1-4.0.3-2.se.14.ky11.x86_64.rpm" version="4.0.3">
					<filename>libbox1-4.0.3-2.se.14.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libbox1-devel" release="2.se.14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libbox1-devel-4.0.3-2.se.14.ky11.x86_64.rpm" version="4.0.3">
					<filename>libbox1-devel-4.0.3-2.se.14.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1401</id>
		<title>关于 cockpit 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:02"/>
		<updated date="2026-05-25 03:36:45"/>
		<severity>Low</severity>
		<description>关于 cockpit 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0415" id="KVE-2026-0415" severity="Low" severity_desc="低风险" title="Cockpit后端日志功能代码层面存在 Shell 元字符过滤不严的编码缺陷，导致存在命令注入。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="cockpit" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cockpit-309-4.p02.ky11.x86_64.rpm" version="309">
					<filename>cockpit-309-4.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="cockpit-devel" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cockpit-devel-309-4.p02.ky11.x86_64.rpm" version="309">
					<filename>cockpit-devel-309-4.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="cockpit-help" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cockpit-help-309-4.p02.ky11.noarch.rpm" version="309">
					<filename>cockpit-help-309-4.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="cockpit-pcp" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/cockpit-pcp-309-4.p02.ky11.x86_64.rpm" version="309">
					<filename>cockpit-pcp-309-4.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1402</id>
		<title>关于 efl 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:02"/>
		<updated date="2026-05-25 03:32:35"/>
		<severity>Important</severity>
		<description>关于 efl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0421" id="KVE-2026-0421" severity="Important" severity_desc="高风险" title="efl组件存在权限提升漏洞，该漏洞源于安装系统时kytrust-bima组件会赋予 eeze_scanner 程序高危capability权能，最终导致操作系统权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="efl" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/efl-1.25.1-3.p02.ky11.x86_64.rpm" version="1.25.1">
					<filename>efl-1.25.1-3.p02.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="efl-devel" release="3.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/efl-devel-1.25.1-3.p02.ky11.x86_64.rpm" version="1.25.1">
					<filename>efl-devel-1.25.1-3.p02.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1407</id>
		<title>关于 ksaf-default-policy 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:04"/>
		<updated date="2026-05-25 03:32:21"/>
		<severity>Low</severity>
		<description>关于 ksaf-default-policy 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0425" id="KVE-2026-0425" severity="Low" severity_desc="低风险" title="ksaf-default-policy组件存在授权不当漏洞，该漏洞源于普通用户和自定义程序均可成功访问受保护的/etc/kyexectl/目录下的配置文件，最终导致信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="ksaf-default-policy" release="05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ksaf-default-policy-1.0.1-05.ky11.x86_64.rpm" version="1.0.1">
					<filename>ksaf-default-policy-1.0.1-05.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1408</id>
		<title>关于 kycompatguard 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:05"/>
		<updated date="2026-05-25 03:37:08"/>
		<severity>Moderate</severity>
		<description>关于 kycompatguard 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0411" id="KVE-2026-0411" severity="Moderate" severity_desc="中风险" title="kycompatguard 工具在处理 RPM 文件名时未进行转义，直接拼接到系统命令中执行。攻击者可通过构造包含 Shell 元字符的文件名，诱使管理员或 root 用户使用该工具检查文件，从而以 root 权限执行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kycompatguard" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kycompatguard-1.0-4.ky11.x86_64.rpm" version="1.0">
					<filename>kycompatguard-1.0-4.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1412</id>
		<title>关于 kylin-subscription 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:06"/>
		<updated date="2026-05-25 03:36:31"/>
		<severity>Low</severity>
		<description>关于 kylin-subscription 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0417" id="KVE-2026-0417" severity="Low" severity_desc="低风险" title="kylin-subscription组件存在路径穿越漏洞，特殊情况下攻击者可利用此漏洞进行任意文件写操作。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-subscription" release="1.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-subscription-1.0.0-1.p10.ky11.x86_64.rpm" version="1.0.0">
					<filename>kylin-subscription-1.0.0-1.p10.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-dnf-plugin-kylin-subscription" release="1.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-dnf-plugin-kylin-subscription-1.0.0-1.p10.ky11.x86_64.rpm" version="1.0.0">
					<filename>python3-dnf-plugin-kylin-subscription-1.0.0-1.p10.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1413</id>
		<title>关于 kylin-user-guide 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:06"/>
		<updated date="2026-05-25 03:36:57"/>
		<severity>Low</severity>
		<description>关于 kylin-user-guide 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0413" id="KVE-2026-0413" severity="Low" severity_desc="低风险" title="kylin-user-guide ghelp: scheme 参数未过滤导致的 JS 注入，进而通过暴露的 bridge.js_executeCommand 实现本地命令执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-user-guide" release="1.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-user-guide-4.10.0.0-1.p13.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>kylin-user-guide-4.10.0.0-1.p13.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kylin-user-guide-common" release="1.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-user-guide-common-4.10.0.0-1.p13.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>kylin-user-guide-common-4.10.0.0-1.p13.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1414</id>
		<title>关于 kysec-common 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:07"/>
		<updated date="2026-05-25 03:32:04"/>
		<severity>Important</severity>
		<description>关于 kysec-common 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0206" id="KVE-2026-0206" severity="Important" severity_desc="高风险" title="kysec-common组件的get_file_list_from_dir函数在处理文件操作时，存在条件竞争缺陷。该函数在检查文件路径合法性与实际执行文件操作之间，存在一个短暂的时间窗口（TOCTOU）。攻击者可利用此时间窗口，通过并发请求或快速替换目标目录的方式，绕过函数的安全检查逻辑，将目录操作重定向至预期外的系统路径。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kysec-common-devel" release="06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kysec-common-devel-1.2.1-06.ky11.x86_64.rpm" version="1.2.1">
					<filename>kysec-common-devel-1.2.1-06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kyseclog-daemon" release="06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kyseclog-daemon-1.2.1-06.ky11.x86_64.rpm" version="1.2.1">
					<filename>kyseclog-daemon-1.2.1-06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysec-adv" release="06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysec-adv-1.2.1-06.ky11.x86_64.rpm" version="1.2.1">
					<filename>libkysec-adv-1.2.1-06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysec-core" release="06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysec-core-1.2.1-06.ky11.x86_64.rpm" version="1.2.1">
					<filename>libkysec-core-1.2.1-06.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1415</id>
		<title>关于 kysec-daemon 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:07"/>
		<updated date="2026-05-25 03:32:59"/>
		<severity>Low</severity>
		<description>关于 kysec-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0419" id="KVE-2026-0419" severity="Low" severity_desc="低风险" title="kysec-daemon组件存在授权不当漏洞，该漏洞源于dbus接口权限管控不当，最终导致接口未授权修改系统敏感文件。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kysec-daemon" release="16.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kysec-daemon-2.0.0-16.ky11.x86_64.rpm" version="2.0.0">
					<filename>kysec-daemon-2.0.0-16.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1416</id>
		<title>关于 kytrust-bima 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:08"/>
		<updated date="2026-05-25 03:33:27"/>
		<severity>Important</severity>
		<description>关于 kytrust-bima 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0410" id="KVE-2026-0410" severity="Important" severity_desc="高风险" title="银河麒麟操作系统findutils组件存在系统权限配置不当漏洞，该漏洞源于默认权限配置赋予了程序超出其职责所需的系统权能，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kytrust-bima" release="40.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kytrust-bima-2.0.14-40.ky11.x86_64.rpm" version="2.0.14">
					<filename>kytrust-bima-2.0.14-40.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1418</id>
		<title>关于 libkysdk-system 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:10"/>
		<updated date="2026-05-25 03:35:13"/>
		<severity>Important</severity>
		<description>关于 libkysdk-system 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0703" id="KVE-2025-0703" severity="Important" severity_desc="高风险" title="银河麒麟桌面操作系统V10 SP1 libkysdk-system dbus组件getHardSerial函数存在提权漏洞。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0704" id="KVE-2025-0704" severity="Important" severity_desc="高风险" title="libkysdk-system组件getDiskTemperature函数存在提权漏洞" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0705" id="KVE-2025-0705" severity="Important" severity_desc="高风险" title="libkysdk-system 组件在处理磁盘信息获取时，其 getDiskRate 函数存在缺陷。该函数在内部实现中，未对传入的参数进行充分的输入验证和命令参数隔离，直接将其拼接到底层系统命令中执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0706" id="KVE-2025-0706" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的changePassword函数存在修改任意用户密码漏洞，可通过该漏洞修改操作系统中用户密码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0707" id="KVE-2025-0707" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的changePassword函数存在注入漏洞，可导致操作系统权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0801" id="KVE-2025-0801" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的getHardModel函数存在注入漏洞，可导致操作系统权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-1001" id="KVE-2025-1001" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在对外部输入校验不严格漏洞，该漏洞源于对外部传入的参数或数据进行校验与过滤的环节存在疏漏，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-259872293" id="KVE-2025-259872293" severity="Important" severity_desc="高风险" title="银河麒麟桌面操作系统V10 SP1 libkysdk-system组件getPrinterDownloadRemoteFile函数存在任意文件写漏洞，可导致普通用户任意写文件风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libkysdk-accounts" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-accounts-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-accounts-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-accounts-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-accounts-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-accounts-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-battery" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-battery-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-battery-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-battery-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-battery-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-battery-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-disk" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-disk-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-disk-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-disk-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-disk-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-disk-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-filesystem" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-filesystem-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-filesystem-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-filesystem-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-filesystem-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-filesystem-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-global" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-global-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-global-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-global-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-global-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-global-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-hardware" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-hardware-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-hardware-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-hardware-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-hardware-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-hardware-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-imageproc" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-imageproc-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-imageproc-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-imageproc-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-imageproc-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-imageproc-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-location" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-location-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-location-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-location-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-location-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-location-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-logrotate" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-logrotate-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-logrotate-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-net" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-net-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-net-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-net-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-net-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-net-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-ocr" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-ocr-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-ocr-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-ocr-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-ocr-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-ocr-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-package" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-package-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-package-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-package-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-package-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-package-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-powermanagement" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-powermanagement-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-powermanagement-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-powermanagement-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-powermanagement-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-powermanagement-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-proc" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-proc-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-proc-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-proc-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-proc-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-proc-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-realtime" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-realtime-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-realtime-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-realtime-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-realtime-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-realtime-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-search" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-search-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-search-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-search-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-search-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-search-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-storage" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-storage-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-storage-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-storage-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-storage-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-storage-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-sysinfo" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-sysinfo-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-sysinfo-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-sysinfo-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-sysinfo-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-sysinfo-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-systemcommon" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-systemcommon-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-systemcommon-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-dbus" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-dbus-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-dbus-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-java" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-java-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-java-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-javascript-http" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-javascript-http-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-javascript-http-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-javascript-websocket" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-javascript-websocket-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-javascript-websocket-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-system-python" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-system-python-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-python-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-systime" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-systime-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-systime-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="libkysdk-systime-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libkysdk-systime-devel-2.5.1.2-1.p06.ky11.x86_64.rpm" version="2.5.1.2">
					<filename>libkysdk-systime-devel-2.5.1.2-1.p06.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1419</id>
		<title>关于 security-reinforce 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:10"/>
		<updated date="2026-05-25 03:33:42"/>
		<severity>Moderate</severity>
		<description>关于 security-reinforce 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0409" id="KVE-2026-0409" severity="Moderate" severity_desc="中风险" title="security-reinforce 工具输出报告路径未检查符号链接，当 root 用户执行报告导出功能操作后，低权限用户可将其指向恶意路径。管理员或 root 用户登录时，以 root 权限执行任意命令。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0420" id="KVE-2026-0420" severity="Moderate" severity_desc="中风险" title="security-reinforce组件存在路径穿越漏洞，该漏洞源于模版TEMPLATE_NAME参数因作为文件名传递，拼接跨目录字符可导出到任意路径，最终导致操作系统以当前用户权限执行系统命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="security-reinforce" release="08.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/security-reinforce-2.0.0-08.ky11.x86_64.rpm" version="2.0.0">
					<filename>security-reinforce-2.0.0-08.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1421</id>
		<title>关于 ukui-bluetooth 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:12"/>
		<updated date="2026-05-25 03:34:42"/>
		<severity>Important</severity>
		<description>关于 ukui-bluetooth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0414" id="KVE-2026-0414" severity="Important" severity_desc="高风险" title="银河麒麟操作系统蓝牙管理组件存在对外部输入校验不严格漏洞，该漏洞源于对外部传入的参数或数据进行校验与过滤的环节存在疏漏，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="ukui-bluetooth" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-bluetooth-4.10.1.0-1.p07.ky11.x86_64.rpm" version="4.10.1.0">
					<filename>ukui-bluetooth-4.10.1.0-1.p07.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1422</id>
		<title>关于 ukui-session-manager 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:13"/>
		<updated date="2026-05-25 03:34:27"/>
		<severity>Important</severity>
		<description>关于 ukui-session-manager 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0412" id="KVE-2026-0412" severity="Important" severity_desc="高风险" title="UKUI 桌面环境的会话管理组件 ukuismserver 在建立 ICE（Inter-Client Exchange）连接时，对本地连接采用了基于主机名的认证策略（Host-Based Authentication）。该策略将同一主机上的所有本地连接均视为可信连接，无需提供任何认证凭据（如 MIT-MAGIC-COOKIE）即可通过认证。在同一台多用户系统中，低权限本地用户可利用该缺陷，向其他已登录用户的图形会话中的 ukuismserver 注册恶意的 XSMP（X Session Management Protocol）客户端。通过设置客户端的 SmRestartCommand 或 SmDiscardCommand 属性，攻击者能够以受害用户的身份执行任意系统命令，实现本地权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="ukui-session-manager" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-session-manager-4.0.0.0-1.p06.ky11.x86_64.rpm" version="4.0.0.0">
					<filename>ukui-session-manager-4.0.0.0-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-session-wayland" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-session-wayland-4.0.0.0-1.p06.ky11.x86_64.rpm" version="4.0.0.0">
					<filename>ukui-session-wayland-4.0.0.0-1.p06.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1423</id>
		<title>关于 ukui-settings-daemon 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-24 13:09:14"/>
		<updated date="2026-05-25 03:34:12"/>
		<severity>Important</severity>
		<description>关于 ukui-settings-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0305" id="KVE-2025-0305" severity="Moderate" severity_desc="中风险" title="ukui-settings-daemon组件readGlobalConfig函数存在任意文件读取漏洞,攻击者通过特制的输入如../符号，跨越当前路径读取普通用户权限不应被访问敏感数据，从而造成信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0508" id="KVE-2026-0508" severity="Important" severity_desc="高风险" title="ukui-settings-daemon组件存在权限提升漏洞，该漏洞源于普通用户可以使用GlobalSignal.updateConfig dbus接口可写入任意文件，最终导致操作系统权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-display-switch" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-display-switch-4.10.0.0-1.p14.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>kylin-display-switch-4.10.0.0-1.p14.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-settings-daemon" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-settings-daemon-4.10.0.0-1.p14.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-4.10.0.0-1.p14.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-settings-daemon-common" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-settings-daemon-common-4.10.0.0-1.p14.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-common-4.10.0.0-1.p14.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1454</id>
		<title>关于 nginx 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 10:43:15"/>
		<updated date="2026-06-01 14:14:47"/>
		<severity>Important</severity>
		<description>关于 nginx 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32647" id="CVE-2026-32647" severity="Important" severity_desc="高风险" title="F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。
NGINX Open Source和NGINX Plus存在缓冲区错误漏洞，该漏洞源于ngx_http_mp4_module模块存在缓冲区过度读取或写入问题，可能导致NGINX工作进程终止或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42945" id="CVE-2026-42945" severity="Important" severity_desc="高风险" title="NGINX Plus及NGINX开源版本的ngx_http_rewrite_module模块存在堆缓冲区溢出漏洞，该漏洞源于当rewrite指令后紧跟rewrite、if或set指令，且使用未命名的Perl兼容正则表达式（PCRE）捕获（例如$1、$2）并包含问号（?）的替换字符串时，未正确验证输入长度。未经身份验证的攻击者在满足特定外部条件的情况下，可通过发送特制的HTTP请求利用此漏洞，导致NGINX工作进程发生堆缓冲区溢出并重启；此外，在禁用地址空间布局随机化（ASLR）的系统上，可能实现远程代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="nginx" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-all-modules" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-all-modules-1.24.0-3.p05.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-all-modules-1.24.0-3.p05.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-filesystem" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-filesystem-1.24.0-3.p05.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-filesystem-1.24.0-3.p05.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-help" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-help-1.24.0-3.p05.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-help-1.24.0-3.p05.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-devel" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-devel-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-devel-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-image-filter" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-image-filter-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-image-filter-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-perl" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-perl-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-perl-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-xslt-filter" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-xslt-filter-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-xslt-filter-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-mail" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-mail-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-mail-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-stream" release="3.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-stream-1.24.0-3.p05.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-stream-1.24.0-3.p05.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1456</id>
		<title>关于 nodejs-brace-expansion 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 10:43:16"/>
		<updated date="2026-06-01 14:14:15"/>
		<severity>Moderate</severity>
		<description>关于 nodejs-brace-expansion 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33750" id="CVE-2026-33750" severity="Moderate" severity_desc="中风险" title="brace-expansion是Julian Gruber个人开发者的一个JavaScript中的Brace扩展。
brace-expansion 5.0.5之前版本、3.0.2之前版本、2.0.3之前版本和1.1.13之前版本存在资源管理错误漏洞，该漏洞源于步长值为零的括号模式导致序列生成循环无限运行，可能导致拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="nodejs-brace-expansion" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nodejs-brace-expansion-1.1.11-5.ky11.noarch.rpm" version="1.1.11">
					<filename>nodejs-brace-expansion-1.1.11-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1461</id>
		<title>关于 polkit 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 10:43:18"/>
		<updated date="2026-06-01 16:35:38"/>
		<severity>Moderate</severity>
		<description>关于 polkit 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4897" id="CVE-2026-4897" severity="Moderate" severity_desc="中风险" title="polkit组件存在资源分配无限制漏洞，该漏洞源于其`polkit-agent-helper-1` setuid二进制程序在处理通过标准输入（stdin）传入的用户输入时，未对输入长度进行有效限制。攻击者可利用此缺陷，通过提供超长的恶意输入数据，触发系统内存耗尽（OOM），从而导致系统拒绝服务（DoS）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="polkit" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/polkit-123-4.p01.ky11.x86_64.rpm" version="123">
					<filename>polkit-123-4.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="polkit-devel" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/polkit-devel-123-4.p01.ky11.x86_64.rpm" version="123">
					<filename>polkit-devel-123-4.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="polkit-help" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/polkit-help-123-4.p01.ky11.noarch.rpm" version="123">
					<filename>polkit-help-123-4.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="polkit-libs" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/polkit-libs-123-4.p01.ky11.x86_64.rpm" version="123">
					<filename>polkit-libs-123-4.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1466</id>
		<title>关于 skopeo 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 10:43:20"/>
		<updated date="2026-06-01 16:36:09"/>
		<severity>Moderate</severity>
		<description>关于 skopeo 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-9676" id="CVE-2024-9676" severity="Moderate" severity_desc="中风险" title="Podman存在路径遍历漏洞，该漏洞源于当运行使用自动分配用户命名空间（--userns=auto）的恶意镜像时，攻击者可通过构造符号链接覆盖容器内的 /etc/passwd 文件，导致库读取主机上的任意文件。成功利用可导致拒绝服务（OOM 杀进程）或潜在的主机文件读取。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="skopeo" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/skopeo-1.14.2-6.p01.ky11.x86_64.rpm" version="1.14.2">
					<filename>skopeo-1.14.2-6.p01.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="skopeo-tests" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/skopeo-tests-1.14.2-6.p01.ky11.x86_64.rpm" version="1.14.2">
					<filename>skopeo-tests-1.14.2-6.p01.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1492</id>
		<title>关于 autogen 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 18:50:09"/>
		<updated date="2026-06-01 16:50:16"/>
		<severity>Moderate</severity>
		<description>关于 autogen 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-8746" id="CVE-2025-8746" severity="Low" severity_desc="低风险" title="GNU libopts库的__strstr_sse2函数存在内存破坏漏洞，该漏洞源于对内存操作处理不当，可能导致内存损坏。攻击者需要本地访问权限才能利用此漏洞。该漏洞仅影响厂商不再支持的产品版本。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="autogen" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/autogen-5.18.16-6.ky11.x86_64.rpm" version="5.18.16">
					<filename>autogen-5.18.16-6.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="autogen-devel" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/autogen-devel-5.18.16-6.ky11.x86_64.rpm" version="5.18.16">
					<filename>autogen-devel-5.18.16-6.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="autogen-help" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/autogen-help-5.18.16-6.ky11.noarch.rpm" version="5.18.16">
					<filename>autogen-help-5.18.16-6.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1548</id>
		<title>关于 python-nbconvert 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-26 18:51:10"/>
		<updated date="2026-06-01 16:52:47"/>
		<severity>Moderate</severity>
		<description>关于 python-nbconvert 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39377" id="CVE-2026-39377" severity="Moderate" severity_desc="中风险" title="Jupyter nbconvert的ExtractAttachmentsPreprocessor模块存在路径遍历漏洞，该漏洞源于在处理包含恶意构造的单元格附件文件名的Jupyter笔记本时，未对附件文件名进行充分净化，直接将文件名传递给文件系统。可能导致攻击者将文件写入到预期输出目录之外的任意位置，并完全控制目标路径和文件扩展名。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39378" id="CVE-2026-39378" severity="Moderate" severity_desc="中风险" title="nbconvert的Markdown渲染器存在路径遍历漏洞，该漏洞源于当`HTMLExporter.embed_images=True`时，程序未对图像引用中的路径进行充分校验。攻击者可通过恶意Notebook文件利用路径遍历读取转换主机上的任意敏感文件，并将其以base64数据URI的形式嵌入到输出的HTML中，从而导致信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="noarch" epoch="0" name="python3-nbconvert" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-nbconvert-7.17.1-1.ky11.noarch.rpm" version="7.17.1">
					<filename>python3-nbconvert-7.17.1-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1019</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-06-02 12:50:30"/>
		<updated date="2026-06-04 10:56:52"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46243" id="CVE-2026-46243" severity="Important" severity_desc="高风险" title="Linux Kernel的SMB客户端模块在处理cifs.spnego密钥描述时存在输入验证漏洞，该漏洞源于未正确校验cifs.spnego密钥描述中由用户空间提供的权限相关字段（如pid、uid、creduid和upcall_target），导致攻击者可通过request_key(2)或add_key(2)系统调用创建恶意密钥，从而可能实现权限提升、信息泄露或系统崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="bpftool" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/bpftool-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>bpftool-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-abi-stablelists-6.6.0-32.18.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-32.18.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-core" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-core-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-cross-headers" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel-matched" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-matched-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-doc-6.6.0-32.18.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-32.18.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-headers" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-headers-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-ipaclones-internal" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-ipaclones-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-extra" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-internal" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-selftests-internal" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-selftests-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs-devel" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="perf" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perf-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-perf" release="32.18.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-perf-6.6.0-32.18.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-32.18.v2505.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1048</id>
		<title>关于 nginx 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-05-29 20:02:02"/>
		<updated date="2026-05-29 20:39:39"/>
		<severity>Important</severity>
		<description>关于 nginx 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40701" id="CVE-2026-40701" severity="Moderate" severity_desc="中风险" title="F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。
F5 NGINX Plus和F5 NGINX Open Source存在资源管理错误漏洞，该漏洞源于ngx_http_ssl_module模块中ssl_verify_client指令设置为on或optional且ssl_ocsp指令设置为on或leaf参数配置了解析器时，未经身份验证的攻击者可以发送请求，导致NGINX工作进程中发生堆释放后重用错误，可能导致数据有限修改或NGINX工作进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42934" id="CVE-2026-42934" severity="Moderate" severity_desc="中风险" title="NGINX Plus和NGINX开源版本的ngx_http_charset_module模块存在堆缓冲区越界读取漏洞，该漏洞源于在配置了charset、source_charset、charset_map指令以及禁用缓冲（“off”）的proxy_pass指令时，未经身份验证的攻击者可在超出其控制范围的条件下发送特定请求，导致NGINX工作进程发生堆缓冲区越界读取，进而可能造成有限的内存信息泄露或进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42946" id="CVE-2026-42946" severity="Moderate" severity_desc="中风险" title="NGINX的ngx_http_scgi_module和ngx_http_uwsgi_module模块存在内存分配不当漏洞，该源于对上游服务器响应数据的长度校验不严格，当配置了scgi_pass或uwsgi_pass指令时，具备中间人攻击能力的未认证攻击者通过控制上游服务器的响应，可能导致NGINX工作进程过度分配内存或发生越界读取，进而泄露工作进程内存信息或导致进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-9256" id="CVE-2026-9256" severity="Important" severity_desc="高风险" title="NGINX存在缓冲区溢出漏洞，该漏洞源于ngx_http_rewrite_module模块中重写指令使用具有重叠PCRE捕获的正则表达式模式时，可能导致堆缓冲区溢出，造成工作进程重启，并在ASLR禁用或可绕过时执行代码。以下版本受到影响：NGINX Plus和NGINX Open Source。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="1" name="nginx" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-all-modules" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-all-modules-1.24.0-3.p06.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-all-modules-1.24.0-3.p06.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-filesystem" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-filesystem-1.24.0-3.p06.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-filesystem-1.24.0-3.p06.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-help" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-help-1.24.0-3.p06.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-help-1.24.0-3.p06.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-devel" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-devel-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-devel-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-image-filter" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-image-filter-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-image-filter-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-perl" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-perl-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-perl-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-http-xslt-filter" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-http-xslt-filter-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-http-xslt-filter-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-mail" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-mail-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-mail-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="1" name="nginx-mod-stream" release="3.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/nginx-mod-stream-1.24.0-3.p06.ky11.x86_64.rpm" version="1.24.0">
					<filename>nginx-mod-stream-1.24.0-3.p06.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1166</id>
		<title>关于 ukui-biometric-auth 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-06-04 11:26:18"/>
		<updated date="2026-06-04 15:43:38"/>
		<severity>Important</severity>
		<description>关于 ukui-biometric-auth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0416" id="KVE-2026-0416" severity="Important" severity_desc="高风险" title="ukui-biometric-auth组件存在越权覆盖文件漏洞， setDefaultDevice 函数写入用户配置时缺少对符号链接的安全校验，导致攻击者可将恶意命令重定向写入到系统任意文件，从而实现提权操作。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="libpam-biometric" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/libpam-biometric-4.10.0.0-1.p06.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>libpam-biometric-4.10.0.0-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-biometric-auth" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-biometric-auth-4.10.0.0-1.p06.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-biometric-auth-4.10.0.0-1.p06.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="ukui-polkit" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/ukui-polkit-4.10.0.0-1.p06.ky11.x86_64.rpm" version="4.10.0.0">
					<filename>ukui-polkit-4.10.0.0-1.p06.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1386</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-06-22 11:19:41"/>
		<updated date="2026-06-22 11:31:05"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46331" id="CVE-2026-46331" severity="Important" severity_desc="高风险" title="Linux 内核网络调度（net/sched）子系统中 act_pedit 动作模块的一个内存损坏类漏洞，可被无特权本地用户利用实现 root 提权。" type="cve"/>
		</references>
		<pkglist>
			<collection short="KYLIN Linux Advanced Server V11-SVR25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kernel" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-abi-stablelists-6.6.0-32.19.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-32.19.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-core" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-core-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-cross-headers" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-devel-matched" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-devel-matched-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-doc-6.6.0-32.19.v2505.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-32.19.v2505.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-headers" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-headers-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-ipaclones-internal" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-ipaclones-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-extra" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-modules-internal" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-selftests-internal" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-selftests-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="kernel-tools-libs-devel" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="perf" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/perf-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="python3-perf" release="32.19.v2505.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/python3-perf-6.6.0-32.19.v2505.ky11.x86_64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-32.19.v2505.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="bugfix" version="">
		<id>KYBA-202507-1020</id>
		<title>关于 gnutls-3.8.2-4.p04.ky11.src.rpm 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2025-07-01 12:52:50"/>
		<updated date="2025-07-01 20:12:07"/>
		<severity>Low</severity>
		<description>关于 gnutls-3.8.2-4.p04.ky11.src.rpm 的补丁包公告</description>
		<references>
			<reference href="None/fault/detail?no=BUG-202506-1164" id="BUG-202506-1164" title="&lt;p&gt;略&lt;/p&gt;" type="bug"/>
		</references>
		<pkglist>
			<collection short="kylin linux advanced server v11-svr25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="gnutls" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnutls-3.8.2-4.p04.ky11.x86_64.rpm" version="3.8.2">
					<filename>gnutls-3.8.2-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gnutls-dane" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnutls-dane-3.8.2-4.p04.ky11.x86_64.rpm" version="3.8.2">
					<filename>gnutls-dane-3.8.2-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gnutls-devel" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnutls-devel-3.8.2-4.p04.ky11.x86_64.rpm" version="3.8.2">
					<filename>gnutls-devel-3.8.2-4.p04.ky11.x86_64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gnutls-help" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnutls-help-3.8.2-4.p04.ky11.noarch.rpm" version="3.8.2">
					<filename>gnutls-help-3.8.2-4.p04.ky11.noarch.rpm</filename>
				</package>
				<package arch="x86_64" epoch="0" name="gnutls-utils" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/gnutls-utils-3.8.2-4.p04.ky11.x86_64.rpm" version="3.8.2">
					<filename>gnutls-utils-3.8.2-4.p04.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="bugfix" version="">
		<id>KYBA-202602-1008</id>
		<title>关于 kylin-fs-safe-1.0-8.ky11.src.rpm 的补丁包公告</title>
		<release>KYLIN Linux Advanced Server V11-SVR25</release>
		<issued date="2026-02-10 12:50:08"/>
		<updated date="2026-02-12 10:23:19"/>
		<severity>Low</severity>
		<description>关于 kylin-fs-safe-1.0-8.ky11.src.rpm 的补丁包公告</description>
		<references>
			<reference href="None/fault/detail?no=BUG-202602-1012" id="BUG-202602-1012" title="&lt;p&gt;对接CI，触发单元测试&lt;/p&gt;" type="bug"/>
		</references>
		<pkglist>
			<collection short="kylin linux advanced server v11-svr25">
				<name>银河麒麟高级服务器操作系统 V11</name>
				<package arch="x86_64" epoch="0" name="kylin-fs-safe" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/2503/os/adv/lic/updates/x86_64/Packages/kylin-fs-safe-1.0-8.ky11.x86_64.rpm" version="1.0">
					<filename>kylin-fs-safe-1.0-8.ky11.x86_64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
</updates>
