<?xml version="1.0" ?>
<updates>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202601-1020</id>
		<title>关于 openvpn 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-01-09 14:16:45"/>
		<updated date="2026-01-12 14:41:54"/>
		<severity>Moderate</severity>
		<description>关于 openvpn 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13086" id="CVE-2025-13086" severity="Critical" severity_desc="严重风险" title="OpenVPN 存在HMAC验证逻辑漏洞。HMAC 验证检查：修复 memcmp() 调用错误。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13751" id="CVE-2025-13751" severity="Moderate" severity_desc="中风险" title="Windows 上的 OpenVPN 版本 2.5.0 至 2.7_rc2 中的交互式服务代理允许本地经过身份验证的用户连接到服务并触发错误，从而导致本地拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2704" id="CVE-2025-2704" severity="Important" severity_desc="高风险" title="OpenVPN服务器模式在TLS-crypt-v2功能中存在拒绝服务漏洞，该漏洞源于对早期握手阶段网络数据包的校验不充分（CWE-754：未对检查异常条件或意外条件进行正确检查）。远程攻击者可通过破坏并重放网络数据包，导致服务崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="openvpn" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvpn-2.6.9-6.p01.ky11.loongarch64.rpm" version="2.6.9">
					<filename>openvpn-2.6.9-6.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvpn-devel" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvpn-devel-2.6.9-6.p01.ky11.loongarch64.rpm" version="2.6.9">
					<filename>openvpn-devel-2.6.9-6.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openvpn-help" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvpn-help-2.6.9-6.p01.ky11.noarch.rpm" version="2.6.9">
					<filename>openvpn-help-2.6.9-6.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1044</id>
		<title>关于 ffmpeg 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-03-17 12:50:07"/>
		<updated date="2026-03-23 15:37:23"/>
		<severity>Moderate</severity>
		<description>关于 ffmpeg 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-7700" id="CVE-2025-7700" severity="Moderate" severity_desc="中风险" title="FFmpeg的ALS音频解码器在处理特定格式错误的音频文件时存在空指针解引用漏洞，该漏洞源于程序未正确检查内存分配失败的情况。攻击者可通过诱导用户或系统处理特制的恶意音频文件，导致应用程序崩溃，从而造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="ffmpeg" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ffmpeg-6.1.1-24.ky11.loongarch64.rpm" version="6.1.1">
					<filename>ffmpeg-6.1.1-24.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ffmpeg-devel" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ffmpeg-devel-6.1.1-24.ky11.loongarch64.rpm" version="6.1.1">
					<filename>ffmpeg-devel-6.1.1-24.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ffmpeg-libs" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ffmpeg-libs-6.1.1-24.ky11.loongarch64.rpm" version="6.1.1">
					<filename>ffmpeg-libs-6.1.1-24.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libavdevice" release="24.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libavdevice-6.1.1-24.ky11.loongarch64.rpm" version="6.1.1">
					<filename>libavdevice-6.1.1-24.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1178</id>
		<title>关于 exiv2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-03-24 12:50:15"/>
		<updated date="2026-03-30 11:09:07"/>
		<severity>Important</severity>
		<description>关于 exiv2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25884" id="CVE-2026-25884" severity="Important" severity_desc="高风险" title="Exiv2是一个用于读取、写入、删除和修改图像元数据（如Exif、IPTC、XMP和ICC）的C++库及命令行工具。在0.28.8版本之前，其CRW图像解析器中存在一个越界读取漏洞。攻击者可通过构造恶意的图像文件触发该漏洞，可能导致信息泄露或程序崩溃（拒绝服务）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27596" id="CVE-2026-27596" severity="Important" severity_desc="高风险" title="Exiv2的预览组件存在越界读取漏洞，该漏洞源于对图像元数据处理时未正确校验边界，当用户通过命令行参数（如-pp）触发预览功能时，程序会尝试访问一个4GB偏移量的内存地址，导致越界读取，进而引发程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27631" id="CVE-2026-27631" severity="Moderate" severity_desc="中风险" title="Exiv2 是一个用于读取、写入、删除和修改图像元数据（如 Exif、IPTC、XMP 和 ICC）的 C++ 库及命令行工具。在 0.28.8 版本之前，Exiv2 的预览组件中存在一个未捕获的异常漏洞。当用户使用额外命令行参数（例如 -pp）运行 Exiv2 时会触发该漏洞。由于整数溢出问题，程序尝试创建一个巨大的 std::vector，从而引发未捕获的异常并导致程序崩溃。攻击者可利用此漏洞通过构造恶意图像文件或命令行参数造成拒绝服务（DoS）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="exiv2" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/exiv2-0.28.2-8.ky11.loongarch64.rpm" version="0.28.2">
					<filename>exiv2-0.28.2-8.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="exiv2-devel" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/exiv2-devel-0.28.2-8.ky11.loongarch64.rpm" version="0.28.2">
					<filename>exiv2-devel-0.28.2-8.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="exiv2-help" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/exiv2-help-0.28.2-8.ky11.noarch.rpm" version="0.28.2">
					<filename>exiv2-help-0.28.2-8.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1218</id>
		<title>关于 gnupg2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-03-31 12:50:15"/>
		<updated date="2026-04-07 10:00:55"/>
		<severity>Important</severity>
		<description>关于 gnupg2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68973" id="CVE-2025-68973" severity="Important" severity_desc="高风险" title="GNUPG 2.4.8及之前版本存在安全漏洞，该漏洞源于armor_filter中索引变量增量错误，可能导致越界写入。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24882" id="CVE-2026-24882" severity="Important" severity_desc="高风险" title="GnuPG 2.5.17之前版本中的tpm2daemon组件在处理TPM支持的RSA和ECC密钥的PKDECRYPT命令时存在栈缓冲区溢出漏洞。攻击者可通过本地访问并发送特制的解密请求来触发该漏洞，可能导致任意代码执行、信息泄露或系统崩溃（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gnupg2" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnupg2-2.4.3-15.ky11.loongarch64.rpm" version="2.4.3">
					<filename>gnupg2-2.4.3-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gnupg2-help" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnupg2-help-2.4.3-15.ky11.noarch.rpm" version="2.4.3">
					<filename>gnupg2-help-2.4.3-15.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1230</id>
		<title>关于 libexif 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-03-31 12:50:29"/>
		<updated date="2026-04-07 09:54:48"/>
		<severity>Important</severity>
		<description>关于 libexif 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32775" id="CVE-2026-32775" severity="Important" severity_desc="高风险" title="libexif库的exif_mnote_data_get_value函数在处理MakerNotes解码时存在整数下溢漏洞，该漏洞源于当传入的缓冲区大小为0时，函数内部发生整数下溢，导致传入的缓冲区被覆盖。可能导致任意代码执行或应用程序崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libexif" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libexif-0.6.24-2.ky11.loongarch64.rpm" version="0.6.24">
					<filename>libexif-0.6.24-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libexif-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libexif-devel-0.6.24-2.ky11.loongarch64.rpm" version="0.6.24">
					<filename>libexif-devel-0.6.24-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libexif-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libexif-help-0.6.24-2.ky11.noarch.rpm" version="0.6.24">
					<filename>libexif-help-0.6.24-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202603-1252</id>
		<title>关于 zlib 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-03-31 12:50:53"/>
		<updated date="2026-04-07 09:22:50"/>
		<severity>Low</severity>
		<description>关于 zlib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27171" id="CVE-2026-27171" severity="Low" severity_desc="低风险" title="zlib 1.3.2之前版本存在CPU资源消耗漏洞。该漏洞源于在crc32_combine64和crc32_combine_gen64函数中，内部函数x2nmodp在循环中执行右移操作时缺少终止条件，导致攻击者可通过调用这些函数触发无限循环，从而造成CPU资源耗尽，引发拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="minizip" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/minizip-1.2.13-5.ky11.loongarch64.rpm" version="1.2.13">
					<filename>minizip-1.2.13-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="minizip-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/minizip-devel-1.2.13-5.ky11.loongarch64.rpm" version="1.2.13">
					<filename>minizip-devel-1.2.13-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="zlib" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/zlib-1.2.13-5.ky11.loongarch64.rpm" version="1.2.13">
					<filename>zlib-1.2.13-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="zlib-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/zlib-devel-1.2.13-5.ky11.loongarch64.rpm" version="1.2.13">
					<filename>zlib-devel-1.2.13-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="zlib-help" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/zlib-help-1.2.13-5.ky11.noarch.rpm" version="1.2.13">
					<filename>zlib-help-1.2.13-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1029</id>
		<title>关于 git 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-07 12:50:23"/>
		<updated date="2026-04-13 11:23:17"/>
		<severity>Important</severity>
		<description>关于 git 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-66413" id="CVE-2025-66413" severity="Important" severity_desc="高风险" title="Git for Windows的Git克隆功能存在信息泄露漏洞，该漏洞源于未对克隆来源服务器进行充分的安全校验。当用户从恶意服务器克隆代码库时，攻击者可能获取用户的NTLM哈希值。由于NTLM哈希算法强度较弱，攻击者可通过暴力破解方式获取用户的账户名和密码，导致用户凭证信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="git" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-2.43.0-11.ky11.loongarch64.rpm" version="2.43.0">
					<filename>git-2.43.0-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="git-core" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-core-2.43.0-11.ky11.loongarch64.rpm" version="2.43.0">
					<filename>git-core-2.43.0-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="git-daemon" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-daemon-2.43.0-11.ky11.loongarch64.rpm" version="2.43.0">
					<filename>git-daemon-2.43.0-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-email" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-email-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-email-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-gui" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-gui-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-gui-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-help" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-help-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-help-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gitk" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gitk-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>gitk-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-svn" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-svn-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-svn-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="git-web" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/git-web-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>git-web-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="perl-Git" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/perl-Git-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>perl-Git-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="perl-Git-SVN" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/perl-Git-SVN-2.43.0-11.ky11.noarch.rpm" version="2.43.0">
					<filename>perl-Git-SVN-2.43.0-11.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1050</id>
		<title>关于 pyOpenSSL 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-07 12:50:35"/>
		<updated date="2026-04-13 10:31:09"/>
		<severity>Important</severity>
		<description>关于 pyOpenSSL 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27448" id="CVE-2026-27448" severity="Moderate" severity_desc="中风险" title="pyOpenSSL的set_tlsext_servername_callback回调函数存在安全特性绕过漏洞，该漏洞源于当用户提供的回调函数抛出未处理异常时，程序会错误地接受连接而非拒绝连接。如果用户依赖此回调函数执行任何安全敏感行为，可能导致安全策略被绕过，使得未经授权的连接被接受。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="pyOpenSSL-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pyOpenSSL-help-24.0.0-3.ky11.noarch.rpm" version="24.0.0">
					<filename>pyOpenSSL-help-24.0.0-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-pyOpenSSL" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-pyOpenSSL-24.0.0-3.ky11.noarch.rpm" version="24.0.0">
					<filename>python3-pyOpenSSL-24.0.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1057</id>
		<title>关于 python-pip 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-07 12:50:41"/>
		<updated date="2026-04-13 10:25:56"/>
		<severity>Important</severity>
		<description>关于 python-pip 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-47081" id="CVE-2024-47081" severity="Moderate" severity_desc="中风险" title="Python Requests库在处理特定恶意构造的URL时存在URL解析问题，可能导致.netrc文件中的认证凭据被泄露给第三方。该漏洞源于对URL解析过程中未正确隔离敏感信息，攻击者可诱导应用程序访问恶意构造的URL从而获取用户的认证凭据。此漏洞可能造成身份冒用和未授权访问等风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-50181" id="CVE-2025-50181" severity="Moderate" severity_desc="中风险" title="urllib3的PoolManager组件在配置重试策略时存在安全限制绕过漏洞，该漏洞源于未正确校验重定向禁用逻辑。攻击者可通过实例化PoolManager并设置特定重试参数来禁用所有请求的重定向功能，导致应用程序在PoolManager级别尝试通过禁用重定向来缓解SSRF或开放重定向漏洞时，其安全防护措施失效，仍可能遭受攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-66418" id="CVE-2025-66418" severity="Important" severity_desc="高风险" title="urllib3组件在处理HTTP响应解压缩功能中存在安全漏洞，该漏洞源于对解压缩链中的链接数量未进行限制，导致攻击者可通过发送多层压缩数据包引发CPU资源耗尽和内存分配激增，最终导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-8869" id="CVE-2025-8869" severity="Moderate" severity_desc="中风险" title="pip的tar归档解压功能中的回退代码（fallback implementation）存在路径遍历漏洞。该漏洞源于在运行于未实现PEP 706标准的Python版本上时，程序未正确校验tar归档中的符号链接是否指向解压目录范围内。可能导致攻击者利用特制的源发行版（sdists）归档文件，在安装过程中将文件写入到目标解压目录之外的位置。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1703" id="CVE-2026-1703" severity="Low" severity_desc="低风险" title="pip的wheel归档文件安装与解压模块存在路径穿越漏洞，该漏洞源于程序在处理恶意构造的wheel归档文件时，未能正确校验或过滤文件名中的路径序列。攻击者可通过构造包含特定路径偏移的wheel文件，诱导系统将文件提取至安装目录之外的特定位置。由于路径穿越被限制在安装目录的前缀范围内，在常规环境下通常无法直接注入或覆盖核心可执行文件，但仍可能导致非预期的文件写入。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-21441" id="CVE-2026-21441" severity="Important" severity_desc="高风险" title="urllib3 2.6.3之前版本存在安全漏洞，该漏洞源于处理HTTP重定向响应时未限制解压缩数据量，可能导致资源消耗过多。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="python3-pip" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-pip-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python3-pip-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pip-help" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-pip-help-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python-pip-help-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pip-wheel" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-pip-wheel-23.3.1-9.ky11.noarch.rpm" version="23.3.1">
					<filename>python-pip-wheel-23.3.1-9.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1082</id>
		<title>关于 edk2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-14 12:50:11"/>
		<updated date="2026-04-27 09:54:33"/>
		<severity>Low</severity>
		<description>关于 edk2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2295" id="CVE-2025-2295" severity="Low" severity_desc="低风险" title="EDK2的BIOS模块存在整数溢出漏洞，该漏洞源于未对网络输入数据进行边界校验。可能导致攻击者通过网络提交特制数据，触发整数溢出或环绕，进而导致系统拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="edk2-aarch64" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-aarch64-202308-25.p08.ky11.noarch.rpm" version="202308">
					<filename>edk2-aarch64-202308-25.p08.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="edk2-devel" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-devel-202308-25.p08.ky11.loongarch64.rpm" version="202308">
					<filename>edk2-devel-202308-25.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-help" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-help-202308-25.p08.ky11.noarch.rpm" version="202308">
					<filename>edk2-help-202308-25.p08.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-202308-25.p08.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-202308-25.p08.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf-loongarch64" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-loongarch64-202308-25.p08.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-loongarch64-202308-25.p08.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-edk2-devel" release="25.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-edk2-devel-202308-25.p08.ky11.noarch.rpm" version="202308">
					<filename>python3-edk2-devel-202308-25.p08.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1102</id>
		<title>关于 openldap 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-14 12:50:19"/>
		<updated date="2026-04-20 12:59:59"/>
		<severity>Moderate</severity>
		<description>关于 openldap 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22185" id="CVE-2026-22185" severity="Moderate" severity_desc="中风险" title="OpenLDAP Lightning Memory-Mapped Database (LMDB) 0.9.14 及更早版本的 mdb_load 工具存在安全漏洞，该漏洞源于 readline() 函数在处理包含嵌入空字节的畸形输入时，无符号偏移量计算发生下溢。攻击者可通过构造恶意输入文件触发越界读取，导致程序崩溃（拒绝服务）或有限堆内存内容泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="openldap" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openldap-2.6.5-7.ky11.loongarch64.rpm" version="2.6.5">
					<filename>openldap-2.6.5-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openldap-clients" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openldap-clients-2.6.5-7.ky11.loongarch64.rpm" version="2.6.5">
					<filename>openldap-clients-2.6.5-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openldap-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openldap-devel-2.6.5-7.ky11.loongarch64.rpm" version="2.6.5">
					<filename>openldap-devel-2.6.5-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openldap-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openldap-help-2.6.5-7.ky11.noarch.rpm" version="2.6.5">
					<filename>openldap-help-2.6.5-7.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openldap-servers" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openldap-servers-2.6.5-7.ky11.loongarch64.rpm" version="2.6.5">
					<filename>openldap-servers-2.6.5-7.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1115</id>
		<title>关于 qt5-qtimageformats 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-14 12:50:24"/>
		<updated date="2026-04-20 13:15:45"/>
		<severity>Important</severity>
		<description>关于 qt5-qtimageformats 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5683" id="CVE-2025-5683" severity="Moderate" severity_desc="中风险" title="Qt 的 QImage 组件在加载特制的 ICNS 格式图像文件时存在资源分配不当漏洞，该漏洞源于未正确限制资源分配或初始化，导致在处理畸形文件时触发崩溃。可能导致拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="qt5-qtimageformats" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtimageformats-5.15.10-2.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtimageformats-5.15.10-2.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1117</id>
		<title>关于 vim 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-14 12:50:25"/>
		<updated date="2026-04-27 09:52:22"/>
		<severity>Important</severity>
		<description>关于 vim 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34982" id="CVE-2026-34982" severity="Important" severity_desc="高风险" title="Vim的modeline功能存在沙箱绕过漏洞，该漏洞源于complete、guitabtooltip和printheader选项缺少P_MLE标志，导致允许执行modeline，同时mapset()函数缺少check_secure()调用，允许从沙箱表达式中滥用该函数。可能导致当用户打开特制文件时执行任意操作系统命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="vim-common" release="22.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-common-9.0.2092-22.p02.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-common-9.0.2092-22.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-enhanced" release="22.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-enhanced-9.0.2092-22.p02.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-enhanced-9.0.2092-22.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="vim-filesystem" release="22.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-filesystem-9.0.2092-22.p02.ky11.noarch.rpm" version="9.0.2092">
					<filename>vim-filesystem-9.0.2092-22.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-minimal" release="22.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-minimal-9.0.2092-22.p02.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-minimal-9.0.2092-22.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-X11" release="22.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-X11-9.0.2092-22.p02.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-X11-9.0.2092-22.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1130</id>
		<title>关于 libsoup3 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:15"/>
		<updated date="2026-04-27 09:49:02"/>
		<severity>Moderate</severity>
		<description>关于 libsoup3 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4476" id="CVE-2025-4476" severity="Moderate" severity_desc="中风险" title="在libsoup HTTP客户端库中发现了一个拒绝服务漏洞。当libsoup客户端接收到包含特定构造的domain参数的401（未授权）HTTP响应时，会触发此缺陷。处理这个格式错误的WWW-Authenticate头部可能导致使用libsoup的客户端应用程序崩溃。攻击者可以通过设置恶意HTTP服务器来利用此漏洞。如果用户的使用易受攻击的libsoup库的应用程序连接到该恶意服务器，则可能导致拒绝服务。成功利用需要诱使用户的客户端应用程序连接到攻击者的恶意服务器。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsoup3" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-3.4.4-5.ky11.loongarch64.rpm" version="3.4.4">
					<filename>libsoup3-3.4.4-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsoup3-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-devel-3.4.4-5.ky11.loongarch64.rpm" version="3.4.4">
					<filename>libsoup3-devel-3.4.4-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup3-help" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-help-3.4.4-5.ky11.noarch.rpm" version="3.4.4">
					<filename>libsoup3-help-3.4.4-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1131</id>
		<title>关于 libssh 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:15"/>
		<updated date="2026-04-27 10:01:20"/>
		<severity>Important</severity>
		<description>关于 libssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0964" id="CVE-2026-0964" severity="Moderate" severity_desc="中风险" title="libssh的SCP客户端功能存在路径遍历漏洞，该漏洞源于未正确校验SCP服务器返回的文件路径。恶意的SCP服务器可以发送非预期的路径，导致客户端应用程序将文件覆盖到工作目录之外的位置。此漏洞可能被利用来创建恶意的可执行文件或配置文件，并在特定条件下诱使用户执行这些文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0965" id="CVE-2026-0965" severity="Low" severity_desc="低风险" title="libssh 库在解析配置文件时存在安全漏洞，当配置不当或本地攻击者提供恶意配置文件时，程序可能会尝试打开任意文件。该漏洞影响通过默认路径加载的配置、使用 ssh_config_parse_file() 和 ssh_bind_config_parse_file() 函数加载的配置，以及通过 glob 通配符包含的配置文件。危险文件包括块设备、FIFO、命名管道或大型系统文件，可能导致拒绝服务。解决方案是限制只读取常规文件，并设置配置文件大小上限为 16MB。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0966" id="CVE-2026-0966" severity="Low" severity_desc="低风险" title="libssh组件存在缓冲区溢出漏洞，该漏洞源于在处理输入数据时未正确验证输入缓冲区与输出缓冲区的大小关系，导致攻击者可能通过构造恶意输入触发缓冲区溢出，进而导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0967" id="CVE-2026-0967" severity="Low" severity_desc="低风险" title="libssh 客户端与服务器组件在处理配置文件（如客户端配置或 known_hosts）中的模式匹配逻辑时存在拒绝服务漏洞。该漏洞源于 match_pattern() 函数在执行正则表达式或通配符匹配时算法实现不够稳健，导致在处理经过特殊构造的复杂模式时会产生效率极低的回溯行为。如果攻击者能够控制配置文件或诱导受害者连接到特定的主机名，将触发严重的计算资源枯竭和超时，从而导致程序停止响应。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0968" id="CVE-2026-0968" severity="Important" severity_desc="高风险" title="libssh 组件存在拒绝服务漏洞，该漏洞源于在处理畸形的 SFTP 消息时未能正确验证输入，攻击者可构造恶意的 SFTP 消息触发该漏洞，从而导致服务异常终止或资源耗尽，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3731" id="CVE-2026-3731" severity="Moderate" severity_desc="中风险" title="libssh的SFTP扩展名称处理模块中的sftp_extensions_get_name/sftp_extensions_get_data函数存在越界读取漏洞，该漏洞源于对参数idx的操纵未进行有效边界检查。攻击者可通过远程方式利用此漏洞，导致越界读取，可能造成信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libssh" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh-0.10.5-10.ky11.loongarch64.rpm" version="0.10.5">
					<filename>libssh-0.10.5-10.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libssh-devel" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh-devel-0.10.5-10.ky11.loongarch64.rpm" version="0.10.5">
					<filename>libssh-devel-0.10.5-10.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libssh-help" release="10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh-help-0.10.5-10.ky11.noarch.rpm" version="0.10.5">
					<filename>libssh-help-0.10.5-10.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1140</id>
		<title>关于 openssh 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:19"/>
		<updated date="2026-04-27 09:50:25"/>
		<severity>Important</severity>
		<description>关于 openssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35385" id="CVE-2026-35385" severity="Important" severity_desc="高风险" title="OpenSSH 10.3版本之前存在权限设置不当漏洞，当以root用户身份使用scp命令并启用-O选项（旧版scp协议）且未使用-p选项（保留文件模式）时，下载的文件可能会被错误地安装为setuid或setgid属性，这与部分用户的预期行为不符。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="openssh" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-9.6p1-5.p11.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-9.6p1-5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-askpass" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-askpass-9.6p1-5.p11.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-askpass-9.6p1-5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-clients" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-clients-9.6p1-5.p11.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-clients-9.6p1-5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openssh-help" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-help-9.6p1-5.p11.se.01.ky11.noarch.rpm" version="9.6p1">
					<filename>openssh-help-9.6p1-5.p11.se.01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-keycat" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-keycat-9.6p1-5.p11.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-keycat-9.6p1-5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-server" release="5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-server-9.6p1-5.p11.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-server-9.6p1-5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="pam_ssh_agent_auth" release="4.5.p11.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pam_ssh_agent_auth-0.10.4-4.5.p11.se.01.ky11.loongarch64.rpm" version="0.10.4">
					<filename>pam_ssh_agent_auth-0.10.4-4.5.p11.se.01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1146</id>
		<title>关于 openssl 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:22"/>
		<updated date="2026-04-27 09:58:53"/>
		<severity>Important</severity>
		<description>关于 openssl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28387" id="CVE-2026-28387" severity="Low" severity_desc="低风险" title="OpenSSL客户端在处理DANE TLSA记录时存在释放后重用/双重释放漏洞，该漏洞源于对特定配置的TLSA记录（同时包含PKIX-TA(0)/PKIX-EE(1)和DANE-TA(2)证书用途）未正确管理内存。可能导致数据损坏、应用程序崩溃或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28388" id="CVE-2026-28388" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理包含Delta CRL Indicator扩展的增量CRL时，若缺少必需的CRL Number扩展，可能发生空指针解引用。该漏洞源于在X.509证书验证过程中启用CRL和增量CRL处理时，未检查CRL Number扩展是否为空便直接对其进行解引用。当应用程序处理恶意构造的增量CRL文件时，可触发空指针解引用，导致应用程序崩溃，从而引发拒绝服务攻击。攻击者需使能X509_V_FLAG_USE_DELTAS标志、目标证书含freshestCRL扩展或基础CRL设置EXFLAG_FRESHEST标志，并向应用提供畸形CRL才能成功利用此漏洞。该漏洞仅限于造成拒绝服务，无法升级为代码执行或内存泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28389" id="CVE-2026-28389" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理构造的CMS EnvelopedData消息时存在空指针解引用漏洞，该漏洞源于在使用KeyAgreeRecipientInfo处理过程中未检查可选参数字段是否存在即直接访问，导致当字段缺失时发生空指针解引用。攻击者可通过向调用CMS_decrypt()函数的应用程序（如S/MIME处理或基于CMS的协议）提供恶意构造的CMS数据，在认证或加密操作之前触发应用程序崩溃，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28390" id="CVE-2026-28390" severity="Important" severity_desc="高风险" title="OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。
OpenSSL存在安全漏洞，该漏洞源于处理特制的使用KeyTransportRecipientInfo的CMS EnvelopedData消息时可能导致空指针取消引用，可能导致应用程序崩溃和拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31789" id="CVE-2026-31789" severity="Low" severity_desc="低风险" title="OpenSSL组件在将过大的OCTET STRING值转换为十六进制字符串时，在32位平台上存在堆缓冲区溢出漏洞。该漏洞源于在计算目标缓冲区大小时，未正确处理整数溢出问题，导致分配了过小的缓冲区。攻击者可构造包含超大OCTET STRING值的X.509证书（例如在Subject Key Identifier或Authority Key Identifier扩展中），当应用程序打印或记录此类不受信任的证书内容时，可能触发堆缓冲区溢出，进而导致程序崩溃或执行攻击者控制的代码等未定义行为。由于构造此类证书需要超过1GB的大小，实际利用可能性较低，且仅影响32位平台，因此被评定为低危漏洞。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31790" id="CVE-2026-31790" severity="Important" severity_desc="高风险" title="OpenSSL组件中的RSASVE（RSA Secret Key Encapsulation）密钥封装机制存在安全漏洞，该漏洞源于在使用RSA公钥加密建立秘密加密密钥时，未正确验证加密操作是否成功。当RSA加密失败时，程序仍会错误地返回成功状态并设置输出长度，导致调用方误以为生成了有效的密文。若应用程序在未先验证攻击者提供的非法RSA公钥的情况下，使用EVP_PKEY_encapsulate()函数进行密钥封装，则可能导致调用方提供的密文缓冲区中残留或未初始化的数据被泄露给攻击者。攻击者可利用此漏洞获取先前进程运行过程中留下的敏感信息，造成敏感数据泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="openssl" release="17.p11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssl-3.0.12-17.p11.ky11.loongarch64.rpm" version="3.0.12">
					<filename>openssl-3.0.12-17.p11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="openssl-devel" release="17.p11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssl-devel-3.0.12-17.p11.ky11.loongarch64.rpm" version="3.0.12">
					<filename>openssl-devel-3.0.12-17.p11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="openssl-help" release="17.p11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssl-help-3.0.12-17.p11.ky11.noarch.rpm" version="3.0.12">
					<filename>openssl-help-3.0.12-17.p11.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="openssl-libs" release="17.p11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssl-libs-3.0.12-17.p11.ky11.loongarch64.rpm" version="3.0.12">
					<filename>openssl-libs-3.0.12-17.p11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="openssl-perl" release="17.p11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssl-perl-3.0.12-17.p11.ky11.loongarch64.rpm" version="3.0.12">
					<filename>openssl-perl-3.0.12-17.p11.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1155</id>
		<title>关于 python-tornado 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:25"/>
		<updated date="2026-04-27 09:44:50"/>
		<severity>Important</severity>
		<description>关于 python-tornado 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35536" id="CVE-2026-35536" severity="Important" severity_desc="高风险" title="Tornado Web 框架的 RequestHandler.set_cookie 方法存在 Cookie 属性注入漏洞，该漏洞源于在设置 Cookie 时，对 domain、path 和 samesite 参数未进行针对特制字符的检查。可能导致导致攻击者可以通过构造包含特殊字符的这些参数值，注入恶意的 Cookie 属性。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="python3-tornado" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-tornado-6.5-4.ky11.loongarch64.rpm" version="6.5">
					<filename>python3-tornado-6.5-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python-tornado-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-tornado-help-6.5-4.ky11.loongarch64.rpm" version="6.5">
					<filename>python-tornado-help-6.5-4.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1164</id>
		<title>关于 unbound 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 12:50:31"/>
		<updated date="2026-04-27 09:37:54"/>
		<severity>Important</severity>
		<description>关于 unbound 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11411" id="CVE-2025-11411" severity="Important" severity_desc="高风险" title="NLnet Labs Unbound 1.24.0及之前版本存在安全漏洞，该漏洞源于未清理未经请求的NS记录集，可能导致域名劫持攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="python3-unbound" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-unbound-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>python3-unbound-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound-anchor" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-anchor-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-anchor-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound-devel" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-devel-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-devel-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound-help" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-help-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-help-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound-libs" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-libs-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-libs-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="unbound-utils" release="15.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/unbound-utils-1.17.1-15.ky11.loongarch64.rpm" version="1.17.1">
					<filename>unbound-utils-1.17.1-15.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1170</id>
		<title>关于 edk2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 18:50:05"/>
		<updated date="2026-04-27 09:21:54"/>
		<severity>Moderate</severity>
		<description>关于 edk2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-49721" id="CVE-2023-49721" severity="Moderate" severity_desc="中风险" title="LXD的EDK2组件UEFI Shell默认启用导致安全启动绕过漏洞，该漏洞源于不安全的默认配置，允许操作系统驻留的攻击者绕过安全启动（Secure Boot）机制，可能导致系统完整性受损。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="edk2-aarch64" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-aarch64-202308-25.p09.ky11.noarch.rpm" version="202308">
					<filename>edk2-aarch64-202308-25.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="edk2-devel" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-devel-202308-25.p09.ky11.loongarch64.rpm" version="202308">
					<filename>edk2-devel-202308-25.p09.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-help" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-help-202308-25.p09.ky11.noarch.rpm" version="202308">
					<filename>edk2-help-202308-25.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-202308-25.p09.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-202308-25.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf-loongarch64" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-loongarch64-202308-25.p09.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-loongarch64-202308-25.p09.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-edk2-devel" release="25.p09.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-edk2-devel-202308-25.p09.ky11.noarch.rpm" version="202308">
					<filename>python3-edk2-devel-202308-25.p09.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1171</id>
		<title>关于 expat 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 18:50:06"/>
		<updated date="2026-04-27 09:36:29"/>
		<severity>Low</severity>
		<description>关于 expat 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-59375" id="CVE-2025-59375" severity="Important" severity_desc="高风险" title="在 Expat 2.7.2 之前的版本中，libexpat 存在漏洞，攻击者可以通过提交一个小型文档进行解析，从而触发大量的动态内存分配。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24515" id="CVE-2026-24515" severity="Low" severity_desc="低风险" title="libexpat的XML_ExternalEntityParserCreate函数存在空指针解引用漏洞，该漏洞源于在处理未知编码时未正确复制编码处理程序用户数据。可能导致程序崩溃，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25210" id="CVE-2026-25210" severity="Moderate" severity_desc="中风险" title="libexpat库的doContent函数在处理标签缓冲区重新分配时存在整数溢出漏洞，该漏洞源于未对缓冲区大小bufSize进行整数溢出检查。可能导致内存损坏，进而引发拒绝服务或潜在代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32776" id="CVE-2026-32776" severity="Moderate" severity_desc="中风险" title="libexpat的XML解析器在处理空外部参数实体内容时存在空指针解引用漏洞，该漏洞源于对空外部参数实体内容的处理逻辑存在缺陷，未正确校验指针有效性。可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32777" id="CVE-2026-32777" severity="Moderate" severity_desc="中风险" title="libexpat库在解析DTD内容时存在无限循环漏洞，攻击者可构造恶意的DTD内容触发该漏洞，导致程序陷入无限循环，从而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32778" id="CVE-2026-32778" severity="Low" severity_desc="低风险" title="libexpat的setContext函数在先前内存不足（out-of-memory）条件后的重试过程中存在空指针解引用漏洞，该漏洞源于在内存分配失败后未正确检查指针有效性，可能导致程序崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="expat" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-2.5.0-17.ky11.loongarch64.rpm" version="2.5.0">
					<filename>expat-2.5.0-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="expat-devel" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-devel-2.5.0-17.ky11.loongarch64.rpm" version="2.5.0">
					<filename>expat-devel-2.5.0-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="expat-help" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-help-2.5.0-17.ky11.noarch.rpm" version="2.5.0">
					<filename>expat-help-2.5.0-17.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1175</id>
		<title>关于 kylin-disk-encryption 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 18:50:07"/>
		<updated date="2026-04-27 09:35:24"/>
		<severity>Important</severity>
		<description>关于 kylin-disk-encryption 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0210" id="KVE-2026-0210" severity="Important" severity_desc="高风险" title="麒麟桌面操作系统中kylin-disk-encryption组件Dbus接口存在提权漏洞，可以使任意用户以Root权限修改任意文件所属。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-disk-encryption" release="2.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm" version="1.2.0.0">
					<filename>kylin-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkylin-disk-encryption" release="2.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkylin-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm" version="1.2.0.0">
					<filename>libkylin-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="peony-disk-encryption" release="2.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/peony-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm" version="1.2.0.0">
					<filename>peony-disk-encryption-1.2.0.0-2.se.02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1180</id>
		<title>关于 qt5-qtdeclarative 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 18:50:09"/>
		<updated date="2026-04-27 09:34:05"/>
		<severity>Important</severity>
		<description>关于 qt5-qtdeclarative 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-12385" id="CVE-2025-12385" severity="Important" severity_desc="高风险" title="Qt组件存在资源分配无限制漏洞，该漏洞源于在Qt Quick的Text组件中对&lt;img&gt;标签的宽度和高度参数未进行有效验证，导致攻击者可通过构造恶意输入触发过度资源分配，最终导致应用程序无响应或崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="qt5-qtdeclarative" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtdeclarative-5.15.10-2.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtdeclarative-5.15.10-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="qt5-qtdeclarative-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtdeclarative-devel-5.15.10-2.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtdeclarative-devel-5.15.10-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="qt5-qtdeclarative-examples" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtdeclarative-examples-5.15.10-2.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtdeclarative-examples-5.15.10-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="qt5-qtdeclarative-static" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtdeclarative-static-5.15.10-2.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtdeclarative-static-5.15.10-2.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202604-1182</id>
		<title>关于 strongswan 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-04-21 18:50:10"/>
		<updated date="2026-04-27 09:33:24"/>
		<severity>Important</severity>
		<description>关于 strongswan 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25075" id="CVE-2026-25075" severity="Important" severity_desc="高风险" title="strongSwan 6.0.5之前版本存在整数溢出漏洞，该漏洞源于EAP-TTLS AVP解析器存在整数下溢，可能导致未经身份验证的远程攻击者通过发送具有无效长度字段的特制AVP数据来造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="strongswan" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/strongswan-5.9.10-4.p04.ky11.loongarch64.rpm" version="5.9.10">
					<filename>strongswan-5.9.10-4.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="strongswan-charon-nm" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/strongswan-charon-nm-5.9.10-4.p04.ky11.loongarch64.rpm" version="5.9.10">
					<filename>strongswan-charon-nm-5.9.10-4.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="strongswan-libipsec" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/strongswan-libipsec-5.9.10-4.p04.ky11.loongarch64.rpm" version="5.9.10">
					<filename>strongswan-libipsec-5.9.10-4.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="strongswan-sqlite" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/strongswan-sqlite-5.9.10-4.p04.ky11.loongarch64.rpm" version="5.9.10">
					<filename>strongswan-sqlite-5.9.10-4.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="strongswan-tnc-imcvs" release="4.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/strongswan-tnc-imcvs-5.9.10-4.p04.ky11.loongarch64.rpm" version="5.9.10">
					<filename>strongswan-tnc-imcvs-5.9.10-4.p04.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1001</id>
		<title>关于 assimp 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:27"/>
		<updated date="2026-05-11 17:04:48"/>
		<severity>Moderate</severity>
		<description>关于 assimp 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11277" id="CVE-2025-11277" severity="Moderate" severity_desc="中风险" title="Assimp 6.0.2版本中的Q3D加载模块存在安全漏洞，具体位于文件assimp/code/AssetLib/Q3D/Q3DLoader.cpp中的Q3DImporter::InternReadFile函数。该漏洞源于在处理特定文件时未正确验证输入数据，导致发生堆缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2152" id="CVE-2025-2152" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的文件处理组件BaseImporter.cpp存在安全漏洞，具体影响函数Assimp::BaseImporter::ConvertToUTF8。该漏洞源于在处理特定输入时未正确验证数据长度，导致发生堆缓冲区溢出。攻击者可利用此漏洞通过远程方式发送恶意构造的数据来触发缓冲区溢出，可能造成应用程序崩溃或任意代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2591" id="CVE-2025-2591" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library 5.4.3版本存在安全漏洞，该漏洞源于code/AssetLib/MDL/MDLLoader.cpp文件的MDLImporter::InternReadFile_Quake1函数存在除零错误。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2751" id="CVE-2025-2751" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的CSM文件处理器存在安全漏洞，具体位于code/AssetLib/CSM/CSMLoader.cpp文件的Assimp::CSMImporter::InternReadFile函数中。该漏洞是由于对参数na处理不当导致越界读取，攻击者可远程发起攻击，利用此漏洞可能造成信息泄露或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2752" id="CVE-2025-2752" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library（assimp） 5.4.3版本存在缓冲区错误漏洞，该漏洞源于存在越界读取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2754" id="CVE-2025-2754" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的AC3D文件处理器组件存在堆缓冲区溢出漏洞，具体位于code/AssetLib/AC/ACLoader.cpp文件中的Assimp::AC3DImporter::ConvertObjectSection函数。攻击者可通过远程发送特制的AC3D文件参数触发该漏洞，可能导致任意代码执行或服务拒绝。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2755" id="CVE-2025-2755" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本的AC3D File Handler组件中code/AssetLib/AC/ACLoader.cpp文件的Assimp::AC3DImporter::ConvertObjectSection函数存在越界读取漏洞，该漏洞源于程序在处理AC3D文件对象节时，对src.entries参数的操纵未进行有效的边界检查。攻击者可以通过远程方式利用该漏洞，诱导系统加载恶意构造的AC3D模型文件，从而导致敏感信息泄露或触发应用程序异常终止。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-2756" id="CVE-2025-2756" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library（assimp） 5.4.3版本存在安全漏洞，该漏洞源于对参数tmp的错误操作会导致堆缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3158" id="CVE-2025-3158" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3 版本的 LWO File Handler 组件存在堆缓冲区溢出漏洞。该漏洞位于 code/AssetLib/LWO/LWOAnimation.cpp 文件的 Assimp::LWO::AnimResolver::UpdateAnimRangeSetup 函数中。攻击者可以通过诱导受害者加载特制的恶意 LWO 文件，利用受损的内存分配或边界检查逻辑，在本地主机上触发堆内存越界写入。该漏洞可能导致程序崩溃、任意代码执行或本地提权。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3196" id="CVE-2025-3196" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library Assimp组件的File Handler模块中的aiString::Set函数存在堆缓冲区溢出漏洞，该漏洞源于程序未正确验证输入数据长度或边界条件。可能导致执行任意代码或应用程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3548" id="CVE-2025-3548" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3及之前版本中的文件处理组件存在堆缓冲区溢出漏洞，问题出现在include/assimp/types.h头文件中的aiString::Set函数。攻击者可通过本地主机提交特制输入数据触发该漏洞，可能导致任意代码执行或拒绝服务。该漏洞已被公开披露并有实际利用案例，建议及时应用官方补丁修复。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-3549" id="CVE-2025-3549" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library Assimp组件的File Handler模块中的Assimp::MD3Importer::ValidateSurfaceHeaderOffsets函数存在堆缓冲区溢出漏洞，该漏洞源于程序未正确验证偏移量或边界条件。可能导致执行任意代码或应用程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5165" id="CVE-2025-5165" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的MDC模型加载器存在缓冲区错误漏洞，该漏洞位于文件assimp/code/AssetLib/MDC/MDCLoader.cpp中的MDCImporter::ValidateSurfaceHeader函数。攻击者通过操纵pcSurface2参数可触发越界读取漏洞。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5166" id="CVE-2025-5166" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的MDC文件解析组件存在安全漏洞，具体位于assimp/code/AssetLib/MDC/MDCLoader.cpp文件中的MDCImporter::InternReadFile函数。该漏洞源于对参数pcVerts处理时未进行边界检查，导致攻击者可以通过构造恶意的MDC文件触发越界读取。攻击者可利用此漏洞在本地主机上发起攻击，可能导致应用程序崩溃或信息泄露。该漏洞的利用代码已被公开，增加了实际被利用的风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5168" id="CVE-2025-5168" severity="Moderate" severity_desc="中风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的MDLLoader模块存在缓冲区错误漏洞，具体位于文件assimp/code/AssetLib/MDL/MDLLoader.cpp中的函数MDLImporter::ImportUVCoordinate_3DGS_MDL345。攻击者可通过操纵参数iIndex引发越界读取，进而可能造成拒绝服务或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5200" id="CVE-2025-5200" severity="Low" severity_desc="低风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的MDL模型加载器存在安全漏洞，具体位于文件assimp/code/AssetLib/MDL/MDLLoader.cpp中的函数MDLImporter::InternReadFile_Quake1。该漏洞源于对输入数据边界检查不足，导致在处理恶意构造的MDL文件时发生越界读取，可能造成信息泄露或程序崩溃（拒绝服务）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5201" id="CVE-2025-5201" severity="Low" severity_desc="低风险" title="Open Asset Import Library (Assimp) 5.4.3 版本的 LWO File Handler 组件存在堆缓冲区溢出漏洞。该漏洞位于 code/AssetLib/LWO/LWOAnimation.cpp 文件的 Assimp::LWO::AnimResolver::UpdateAnimRangeSetup 函数中。攻击者可以通过诱导受害者加载特制的恶意 LWO 文件，利用受损的内存分配或边界检查逻辑，在本地主机上触发堆内存越界写入。该漏洞可能导致程序崩溃、任意代码执行或本地提权。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5202" id="CVE-2025-5202" severity="Low" severity_desc="低风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的HL1MDLLoader::validate_header函数存在安全漏洞，该漏洞位于文件assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp中。由于对输入数据的边界检查不足，攻击者可以通过本地构造恶意模型文件触发越界读取，可能导致信息泄露或应用程序崩溃（拒绝服务）。该漏洞已被公开披露并可能被利用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5203" id="CVE-2025-5203" severity="Low" severity_desc="低风险" title="Open Asset Import Library (Assimp) 5.4.3版本中的函数SkipSpaces在处理输入时存在越界读取漏洞，该漏洞位于文件assimp/include/assimp/ParsingUtils.h中。攻击者需要具备本地访问权限，通过构造恶意输入可触发该漏洞，可能导致信息泄露或拒绝服务。目前该漏洞的利用代码已公开。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5204" id="CVE-2025-5204" severity="Low" severity_desc="低风险" title="Open Asset Import Library Assimp组件的MDLMaterialLoader.cpp文件中的MDLImporter::ParseSkinLump_3DGS_MDL7函数存在越界读取漏洞，该漏洞源于程序在读取数据时未正确验证边界条件。可能导致读取越界内存数据，进而引发应用程序崩溃或敏感信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="assimp" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/assimp-5.3.1-17.ky11.loongarch64.rpm" version="5.3.1">
					<filename>assimp-5.3.1-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="assimp-devel" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/assimp-devel-5.3.1-17.ky11.loongarch64.rpm" version="5.3.1">
					<filename>assimp-devel-5.3.1-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="assimp-help" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/assimp-help-5.3.1-17.ky11.noarch.rpm" version="5.3.1">
					<filename>assimp-help-5.3.1-17.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-assimp" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-assimp-5.3.1-17.ky11.noarch.rpm" version="5.3.1">
					<filename>python3-assimp-5.3.1-17.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1003</id>
		<title>关于 engrampa 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:38"/>
		<updated date="2026-05-06 10:16:47"/>
		<severity>Important</severity>
		<description>关于 engrampa 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-52138" id="CVE-2023-52138" severity="Important" severity_desc="高风险" title="Engrampa 是MATE桌面环境下的归档管理器。该组件在处理CPIO归档文件时存在路径遍历漏洞，攻击者可利用此漏洞实现远程命令执行（RCE）。具体而言，在解压过程中，Engrampa默认会跟随存储的符号链接（symlink），而不会检查符号链接指向的位置，从而导致任意文件被写入到非预期目录中。当用户提取恶意构造的CPIO或ISO归档文件时，攻击者即可在目标系统上执行任意命令。该漏洞已在提交63d5dfa中修复。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-7216" id="CVE-2023-7216" severity="Moderate" severity_desc="中风险" title="cpio存在后置链接漏洞，该漏洞源于存在路径遍历，允许未经身份验证的远程攻击者诱骗用户打开特制的存档，然后在目标系统上运行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="engrampa" release="1.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/engrampa-1.28.2-1.p02.ky11.loongarch64.rpm" version="1.28.2">
					<filename>engrampa-1.28.2-1.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1007</id>
		<title>关于 golang 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:40"/>
		<updated date="2026-05-06 10:38:51"/>
		<severity>Important</severity>
		<description>关于 golang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61726" id="CVE-2025-61726" severity="Important" severity_desc="高风险" title="Go语言net/url包中的查询参数解析功能存在资源分配无限制导致内存耗尽漏洞，该漏洞源于未对URL查询参数的数量设置限制。当使用net/http.Request.ParseForm方法解析包含大量唯一查询参数的大型URL编码表单时，可能导致过度的内存消耗，进而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61727" id="CVE-2025-61727" severity="Moderate" severity_desc="中风险" title="Go crypto/x509组件存在安全漏洞，该漏洞源于证书链中的排除子域约束未正确限制叶证书中通配符SAN的使用，导致攻击者可构造证书绕过安全限制，实施中间人攻击或访问受限资源。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61728" id="CVE-2025-61728" severity="Moderate" severity_desc="中风险" title="Golang 标准库 archive/zip 在解析 ZIP 归档文件时存在拒绝服务漏洞，该漏洞源于程序在首次打开归档内文件时使用了超线性（super-linear）复杂度的文件名索引算法。可能导致攻击者通过构造恶意的 ZIP 归档文件消耗大量 CPU 资源，导致应用程序挂起或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61729" id="CVE-2025-61729" severity="Important" severity_desc="高风险" title="Google Go存在资源消耗漏洞，该漏洞源于包crypto/x509中的HostnameError.Error函数构造错误字符串时未限制主机数量，可能导致资源过度消耗。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61731" id="CVE-2025-61731" severity="Important" severity_desc="高风险" title="Go的cmd/go工具在构建恶意文件时存在任意文件写入漏洞，该漏洞源于对Go源文件中“#cgo pkg-config:”指令的参数校验不严，攻击者可利用该指令提供“--log-file”参数，导致pkg-config命令将日志写入攻击者控制的文件，从而实现部分文件内容的控制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61732" id="CVE-2025-61732" severity="Important" severity_desc="高风险" title="Go cgo存在代码注入漏洞，该漏洞源于对注释解析逻辑不一致，导致攻击者可将恶意代码走私到生成的cgo二进制文件中。攻击者利用此漏洞可能实现任意代码执行，从而完全控制受影响系统。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68119" id="CVE-2025-68119" severity="Important" severity_desc="高风险" title="Go工具链恶意版本字符串处理不当导致代码执行漏洞。Go工具链在通过外部版本控制系统（如Mercurial、Git）下载和构建模块时，对恶意版本字符串的校验与处理存在缺陷。当系统安装了Mercurial（hg）时，从非标准源（如自定义域名）下载模块可能导致意外代码执行；当系统安装了Git时，提供恶意版本字符串可允许攻击者向文件系统任意位置写入文件。该漏洞需要用户显式提供恶意版本字符串，不会影响@latest或裸模块路径的使用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68121" id="CVE-2025-68121" severity="Important" severity_desc="高风险" title="Go语言标准库的crypto/tls模块存在安全漏洞，该漏洞源于Config.Clone方法错误复制自动生成的会话票据密钥，且会话恢复过程中未验证完整证书链的过期状态。攻击者可利用过期证书链建立加密通道，导致敏感信息泄露或证书伪造。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25679" id="CVE-2026-25679" severity="Important" severity_desc="高风险" title="Go语言标准库中的net/url包在解析URL时，对主机/授权组件的验证不充分，接受了某些无效的URL格式。具体而言，当IPv6字面量未出现在主机部分起始位置时，url.Parse函数未能正确拒绝包含垃圾数据前缀的IP字面量，导致可能引发程序异常或资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27139" id="CVE-2026-27139" severity="Low" severity_desc="低风险" title="Go语言的`File.ReadDir`或`File.Readdir`函数在Unix平台上存在目录遍历漏洞，该漏洞源于在列出已打开根目录下的文件时，返回的`FileInfo`对象可能引用根目录之外的文件。攻击者可利用此漏洞绕过预期的目录限制，读取文件系统上任意位置的元数据（通过`lstat`获取），但无法读取或写入根目录之外的文件内容。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27142" id="CVE-2026-27142" severity="Moderate" severity_desc="中风险" title="Go语言标准库html/template包在将URL插入HTML meta标签的content属性时，未对相关操作进行转义处理。当该meta标签同时包含值为“refresh”的http-equiv属性时，此缺陷可导致跨站脚本攻击。为此新增了一个GODEBUG设置项htmlmetacontenturlescape，通过设置htmlmetacontenturlescape=0可禁用对meta content属性中“url=”后URL操作的转义。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="golang" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-1.21.4-44.p01.ky11.loongarch64.rpm" version="1.21.4">
					<filename>golang-1.21.4-44.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="golang-devel" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-devel-1.21.4-44.p01.ky11.loongarch64.rpm" version="1.21.4">
					<filename>golang-devel-1.21.4-44.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="golang-help" release="44.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-help-1.21.4-44.p01.ky11.noarch.rpm" version="1.21.4">
					<filename>golang-help-1.21.4-44.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1022</id>
		<title>关于 libsoup 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:49"/>
		<updated date="2026-05-06 10:51:48"/>
		<severity>Moderate</severity>
		<description>关于 libsoup 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2443" id="CVE-2026-2443" severity="Moderate" severity_desc="中风险" title="GNOME系统中广泛使用的HTTP库libsoup在处理特制的HTTP Range请求头时，未能正确验证所请求的字节范围。在某些构建配置下，远程攻击者可能利用此缺陷访问服务器内存中超出预期响应的部分内容。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsoup" release="10.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-2.74.3-10.p02.ky11.loongarch64.rpm" version="2.74.3">
					<filename>libsoup-2.74.3-10.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsoup-devel" release="10.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-devel-2.74.3-10.p02.ky11.loongarch64.rpm" version="2.74.3">
					<filename>libsoup-devel-2.74.3-10.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup-help" release="10.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-help-2.74.3-10.p02.ky11.noarch.rpm" version="2.74.3">
					<filename>libsoup-help-2.74.3-10.p02.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1024</id>
		<title>关于 libtpms 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:49"/>
		<updated date="2026-05-06 10:52:30"/>
		<severity>Moderate</severity>
		<description>关于 libtpms 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-49133" id="CVE-2025-49133" severity="Moderate" severity_desc="中风险" title="libtpms的CryptHmacSign函数存在越界读取漏洞，该漏洞源于signKey与signScheme参数配对不一致，当signKey为ALG_KEYEDHASH密钥而inScheme为ECC或RSA方案时，CryptHmacSign函数会触发越界读取。攻击者可通过向基于受影响TCG参考实现的TPM 2.0/vTPM（swtpm）固件发送恶意命令触发此漏洞，导致libtpms因检测到越界访问而异常终止，进而使vTPM（swtpm）对虚拟机不可用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libtpms" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtpms-0.9.5-4.p02.ky11.loongarch64.rpm" version="0.9.5">
					<filename>libtpms-0.9.5-4.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libtpms-devel" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtpms-devel-0.9.5-4.p02.ky11.loongarch64.rpm" version="0.9.5">
					<filename>libtpms-devel-0.9.5-4.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1026</id>
		<title>关于 openssh 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:50"/>
		<updated date="2026-05-06 10:53:17"/>
		<severity>Moderate</severity>
		<description>关于 openssh 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3497" id="CVE-2026-3497" severity="Moderate" severity_desc="中风险" title="OpenSSH组件在多个Linux发行版中引入的GSSAPI补丁存在安全漏洞，该漏洞并不影响上游OpenSSH项目本身。当服务器在GSSAPI密钥交换过程中接收到攻击者发送的异常GSSAPI消息类型时，会触发错误处理流程。由于错误处理中调用了不会终止进程的sshpkt_disconnect()函数，导致程序继续执行但未正确初始化相关的连接变量（这些变量未被设置为NULL）。后续代码访问了这些未初始化的变量，读取随机内存内容，从而引发未定义行为（例如程序崩溃、信息泄露或远程代码执行）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35386" id="CVE-2026-35386" severity="Low" severity_desc="低风险" title="OpenSSH 10.3版本之前存在命令执行漏洞，该漏洞源于在命令行中使用包含shell元字符的用户名时可能导致命令执行。攻击者需要在一个命令行中的用户名不可信的场景下，并配合ssh_config中非默认的%配置才能利用此漏洞。攻击者可借助特制的用户名在目标系统上执行任意命令，从而获取敏感信息或造成进一步危害。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35387" id="CVE-2026-35387" severity="Low" severity_desc="低风险" title="OpenSSH 10.3之前版本在处理PubkeyAcceptedAlgorithms或HostbasedAcceptedAlgorithms配置时存在安全限制绕过漏洞。当用户尝试通过列出特定ECDSA算法来限制允许的公钥算法时，OpenSSH会错误地将其解释为接受所有ECDSA算法，从而可能允许攻击者使用未预期的ECDSA算法进行身份验证，增加了未经授权访问系统的风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35388" id="CVE-2026-35388" severity="Low" severity_desc="低风险" title="OpenSSH在10.3版本之前的代理模式复用会话中，存在连接复用确认绕过漏洞，该漏洞源于在代理模式复用会话时，未进行连接复用确认，可能导致攻击者利用此漏洞绕过安全确认机制，造成低完整性影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35414" id="CVE-2026-35414" severity="Moderate" severity_desc="中风险" title="OpenSSH 10.3之前版本在处理authorized_keys文件中的principals选项时存在安全漏洞，该漏洞源于在特定场景下（如与使用逗号字符的证书颁发机构结合使用时），未能正确验证或解析主体列表，可能导致攻击者绕过预期的访问控制限制，从而获得未授权的系统访问权限。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="openssh" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-9.6p1-5.p12.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-9.6p1-5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-askpass" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-askpass-9.6p1-5.p12.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-askpass-9.6p1-5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-clients" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-clients-9.6p1-5.p12.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-clients-9.6p1-5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openssh-help" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-help-9.6p1-5.p12.se.01.ky11.noarch.rpm" version="9.6p1">
					<filename>openssh-help-9.6p1-5.p12.se.01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-keycat" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-keycat-9.6p1-5.p12.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-keycat-9.6p1-5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openssh-server" release="5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openssh-server-9.6p1-5.p12.se.01.ky11.loongarch64.rpm" version="9.6p1">
					<filename>openssh-server-9.6p1-5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="pam_ssh_agent_auth" release="4.5.p12.se.01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pam_ssh_agent_auth-0.10.4-4.5.p12.se.01.ky11.loongarch64.rpm" version="0.10.4">
					<filename>pam_ssh_agent_auth-0.10.4-4.5.p12.se.01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1028</id>
		<title>关于 python3 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:51"/>
		<updated date="2026-05-06 10:54:07"/>
		<severity>Moderate</severity>
		<description>关于 python3 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-15282" id="CVE-2025-15282" severity="Moderate" severity_desc="中风险" title="该漏洞存在于Python标准库的urllib.request.DataHandler组件中，当处理用户可控的数据URL时，攻击者可通过在数据URL的mediatype部分插入换行符（如CRLF）来注入任意HTTP头，这可能导致HTTP请求被篡改。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0672" id="CVE-2026-0672" severity="Moderate" severity_desc="中风险" title="当使用Python的http.cookies.Morsel模块时，用户可控的cookie值和参数可能允许将HTTP头注入到消息中。攻击者可以通过构造恶意cookie值，诱导服务器在响应中插入非法HTTP头，从而可能导致HTTP头注入攻击，影响Web应用的安全性。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1299" id="CVE-2026-1299" severity="Moderate" severity_desc="中风险" title="CPython的email模块中BytesGenerator类在序列化邮件消息时未正确对邮件头中的换行符进行转义处理，导致在使用LiteralHeader写入不遵循邮件折叠规则的头时，存在邮件头注入漏洞，攻击者可能利用该漏洞注入恶意邮件头。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4224" id="CVE-2026-4224" severity="Moderate" severity_desc="中风险" title="Expat解析器的ElementDeclHandler在处理包含深度嵌套内容模型的内联文档类型定义时存在栈溢出漏洞，该漏洞源于对递归调用深度未进行有效限制，导致C语言栈溢出。攻击者可通过构造恶意的XML文档触发此漏洞，可能导致解析器崩溃或潜在的远程代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="python3" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-3.11.6-24.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-3.11.6-24.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-debug" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-debug-3.11.6-24.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-debug-3.11.6-24.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-devel" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-devel-3.11.6-24.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-devel-3.11.6-24.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-help" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-help-3.11.6-24.p01.ky11.noarch.rpm" version="3.11.6">
					<filename>python3-help-3.11.6-24.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-tkinter" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-tkinter-3.11.6-24.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-tkinter-3.11.6-24.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-unversioned-command" release="24.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-unversioned-command-3.11.6-24.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-unversioned-command-3.11.6-24.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1035</id>
		<title>关于 ukui-control-center 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:54"/>
		<updated date="2026-05-06 10:58:11"/>
		<severity>Important</severity>
		<description>关于 ukui-control-center 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0405" id="KVE-2026-0405" severity="Important" severity_desc="高风险" title="ukui-control-center组件 D-Bus 服务setaptproxy 方法，由于未对输入进行任何过滤或转义，攻击者可以在代理字符串中注入任意 shell 命令。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0406" id="KVE-2026-0406" severity="Moderate" severity_desc="中风险" title="ukui-control-center组件存在授权缺失漏洞，攻击者通过 D-Bus 调用 setNtpSerAddress 方法，可修改 NTP 配置。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libukcc3" release="1.p58.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libukcc3-4.10.0.0-1.p58.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>libukcc3-4.10.0.0-1.p58.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libukcc-devel" release="1.p58.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libukcc-devel-4.10.0.0-1.p58.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>libukcc-devel-4.10.0.0-1.p58.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-control-center" release="1.p58.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-control-center-4.10.0.0-1.p58.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-control-center-4.10.0.0-1.p58.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1036</id>
		<title>关于 ukui-settings-daemon 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-03 16:34:54"/>
		<updated date="2026-05-06 10:58:38"/>
		<severity>Important</severity>
		<description>关于 ukui-settings-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0306" id="KVE-2025-0306" severity="Important" severity_desc="高风险" title="ukui-settings-daemon组件writeGlobalConfig函数存在任意文件写入漏洞" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-display-switch" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-display-switch-4.10.0.0-1.p12.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>kylin-display-switch-4.10.0.0-1.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-settings-daemon" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-settings-daemon-4.10.0.0-1.p12.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-4.10.0.0-1.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-settings-daemon-common" release="1.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-settings-daemon-common-4.10.0.0-1.p12.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-common-4.10.0.0-1.p12.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1044</id>
		<title>关于 luksmeta 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-05 12:50:11"/>
		<updated date="2026-05-11 17:02:39"/>
		<severity>Moderate</severity>
		<description>关于 luksmeta 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11568" id="CVE-2025-11568" severity="Moderate" severity_desc="中风险" title="luksmeta工具在处理LUKS1磁盘加密格式时存在数据损坏漏洞，该漏洞源于在元数据处理过程中未正确验证可用空间，导致攻击者可写入大量元数据覆盖用户数据，造成数据永久丢失。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="luksmeta" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/luksmeta-9-7.ky11.loongarch64.rpm" version="9">
					<filename>luksmeta-9-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="luksmeta-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/luksmeta-devel-9-7.ky11.loongarch64.rpm" version="9">
					<filename>luksmeta-devel-9-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="luksmeta-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/luksmeta-help-9-7.ky11.noarch.rpm" version="9">
					<filename>luksmeta-help-9-7.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1050</id>
		<title>关于 poppler 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-05 12:50:13"/>
		<updated date="2026-05-11 15:40:39"/>
		<severity>Low</severity>
		<description>关于 poppler 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-43718" id="CVE-2025-43718" severity="Low" severity_desc="低风险" title="Poppler 24.06.1至25.x版本（不包括25.04.0）在处理PDF文档元数据中的深层嵌套结构时存在栈消耗问题，例如GTS_PDFEVersion字段中用于长pdfsubver字符串的正则表达式。该漏洞源于Dict::lookup、Catalog::getMetadata及相关PDFDoc函数中正则执行器(std::__detail::_Executor)发生的深度递归，可导致SIGSEGV信号触发，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-52885" id="CVE-2025-52885" severity="Important" severity_desc="高风险" title="Poppler PDF渲染库的StructTreeRoot类在处理文档结构时存在释放后重用漏洞，该漏洞源于代码使用原始指针指向`std::vector`容器内的元素，当容器因添加新元素而重新分配内存时，这些指针将变为悬垂指针。攻击者可能通过构造特制的PDF文件，利用此悬垂指针进行写入操作，从而可能导致应用程序崩溃或执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="poppler" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-cpp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-cpp-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-cpp-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-cpp-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-cpp-devel-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-cpp-devel-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-devel-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-devel-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-glib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-glib-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-glib-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-glib-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-glib-devel-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-glib-devel-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="poppler-glib-doc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-glib-doc-23.12.0-13.ky11.noarch.rpm" version="23.12.0">
					<filename>poppler-glib-doc-23.12.0-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="poppler-help" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-help-23.12.0-13.ky11.noarch.rpm" version="23.12.0">
					<filename>poppler-help-23.12.0-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-qt5" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-qt5-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-qt5-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-qt5-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-qt5-devel-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-qt5-devel-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-qt6" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-qt6-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-qt6-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-qt6-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-qt6-devel-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-qt6-devel-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="poppler-utils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/poppler-utils-23.12.0-13.ky11.loongarch64.rpm" version="23.12.0">
					<filename>poppler-utils-23.12.0-13.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1054</id>
		<title>关于 kylin-device-daemon 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-06 12:24:26"/>
		<updated date="2026-05-06 15:25:22"/>
		<severity>Important</severity>
		<description>关于 kylin-device-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2024-1102" id="KVE-2024-1102" severity="Important" severity_desc="高风险" title="银河麒麟操作系统设备管理组件存在挂载操作权限控制不当漏洞，该漏洞源于挂载操作的权限管控不够严格，低权限用户可执行高危挂载，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-device-daemon" release="1.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-device-daemon-3.24.0.0-1.p02.ky11.loongarch64.rpm" version="3.24.0.0">
					<filename>kylin-device-daemon-3.24.0.0-1.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1055</id>
		<title>关于 libkysdk-base 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-06 12:24:27"/>
		<updated date="2026-05-06 15:25:06"/>
		<severity>Important</severity>
		<description>关于 libkysdk-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2024-0620" id="KVE-2024-0620" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在文件写入权限校验不充分漏洞，该漏洞源于执行文件写入操作前对调用者权限的验证不充分，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0403" id="KVE-2026-0403" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在并发操作处理不当漏洞，该漏洞源于在执行检查与实施操作之间存在可被利用的时间间隙，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libkysdk-base" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-base-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-basecommon" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-basecommon-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-basecommon-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-base-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-base-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-base-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-conf2" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-conf2-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-conf2-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-conf2-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-conf2-tools" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-conf2-tools-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-conf2-tools-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-config" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-config-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-config-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-config-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-config-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-diagnostics" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-diagnostics-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-diagnostics-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-diagnostics-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-diagnostics-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-gsetting" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-gsetting-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-gsetting-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-gsetting-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-gsetting-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-log" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-log-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-log-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-log-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-log-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-timer" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-timer-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-timer-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-timer-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-timer-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-utils" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-utils-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-utils-devel" release="1.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-utils-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm" version="2.5.1.0">
					<filename>libkysdk-utils-devel-2.5.1.0-1.p08.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1056</id>
		<title>关于 ukui-biometric-auth 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-06 12:24:29"/>
		<updated date="2026-05-06 14:43:56"/>
		<severity>Moderate</severity>
		<description>关于 ukui-biometric-auth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0402" id="KVE-2026-0402" severity="Moderate" severity_desc="中风险" title="ukui-biometric-auth组件D-Bus 方法缺少授权检查，导致接口能被未授权用户访问。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0404" id="KVE-2026-0404" severity="Low" severity_desc="低风险" title="银河麒麟系统中的 uniauth-backend D-Bus 服务以 root 权限运行，负责用户认证信息管理。由于 D-Bus 权限策略配置不当且服务端缺少授权检查，普通本地用户可在无认证情况下直接调用接口，篡改 /var/lib/lightdm/.cache/ukui-greeter.conf 里的 lastLoginUser 、SaveQuickLoginUser 字段。攻击者可写入任意字符串（如不存在用户名），导致登录界面异常，造成拒绝服务或干扰正常登录流程。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libpam-biometric" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpam-biometric-4.10.0.0-1.p05.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>libpam-biometric-4.10.0.0-1.p05.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-biometric-auth" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-biometric-auth-4.10.0.0-1.p05.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-biometric-auth-4.10.0.0-1.p05.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-polkit" release="1.p05.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-polkit-4.10.0.0-1.p05.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-polkit-4.10.0.0-1.p05.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1150</id>
		<title>关于 python-cryptography 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-10 18:33:49"/>
		<updated date="2026-05-11 16:42:44"/>
		<severity>Moderate</severity>
		<description>关于 python-cryptography 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-26007" id="CVE-2026-26007" severity="Moderate" severity_desc="中风险" title="cryptography 是一个为Python开发者提供加密原语和配方的软件包。在46.0.5版本之前，public_key_from_numbers（或EllipticCurvePublicNumbers.public_key()）、load_der_public_key() 和 load_pem_public_key() 函数未验证椭圆曲线点是否属于预期的素数阶子群。当受害者通过ECDH计算共享秘密S = [victim_private_key]P时，会泄露victim_private_key模small_subgroup_order的信息。对于cofactor大于1的曲线，这将暴露私钥的最低有效位。当这些弱公钥用于ECDSA时，攻击者可以轻易地在小子群上伪造签名。只有SECT曲线受此影响。该漏洞已在46.0.5版本中修复。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="python3-cryptography" release="9.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-cryptography-42.0.2-9.p01.ky11.loongarch64.rpm" version="42.0.2">
					<filename>python3-cryptography-42.0.2-9.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-cryptography-help" release="9.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-cryptography-help-42.0.2-9.p01.ky11.noarch.rpm" version="42.0.2">
					<filename>python-cryptography-help-42.0.2-9.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1173</id>
		<title>关于 erlang 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:07"/>
		<updated date="2026-05-19 09:27:02"/>
		<severity>Moderate</severity>
		<description>关于 erlang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48038" id="CVE-2025-48038" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击，或因资源泄漏暴露敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48039" id="CVE-2025-48039" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击，或因资源泄漏暴露敏感信息。
" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48040" id="CVE-2025-48040" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源消耗失控漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击或资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48041" id="CVE-2025-48041" severity="Important" severity_desc="高风险" title="Erlang OTP的ssh_sftp模块的ssh_sftpd.erl文件中存在资源分配无限制漏洞，该漏洞源于未对资源分配进行限制或节流。可能导致攻击者通过过度分配资源实现拒绝服务攻击或资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-21620" id="CVE-2026-21620" severity="Important" severity_desc="高风险" title="Erlang/OTP的TFTP服务模块（`tftp_file`）存在路径遍历漏洞，该漏洞源于程序在处理文件路径时未对用户输入进行充分的规范化或校验，攻击者可利用此漏洞构造包含相对路径序列（如`../`）的请求，从而越权读取或写入服务器文件系统上的敏感文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23941" id="CVE-2026-23941" severity="Important" severity_desc="高风险" title="Erlang OTP的inets httpd模块存在HTTP请求走私漏洞，该漏洞源于服务器未拒绝或规范化重复的Content-Length头部。在处理HTTP请求时，服务器使用最早出现的Content-Length值进行消息体解析，而常见的反向代理（如nginx、Apache httpd、Envoy）则采用最后一个Content-Length值，这种不一致违反了RFC 9112第6.3节的规定，导致前后端同步失效，使得攻击者可控的数据被缓存作为下一个请求的起始部分。攻击者可利用此漏洞实现请求走私，绕过安全控制，甚至执行恶意操作。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23942" id="CVE-2026-23942" severity="Moderate" severity_desc="中风险" title="Erlang/OTP 17.0至28.4.1版本、27.3.4.9版本和26.2.5.18版本存在安全漏洞，该漏洞源于路径名限制不当，可能导致路径遍历攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23943" id="CVE-2026-23943" severity="Moderate" severity_desc="中风险" title="Erlang OTP的ssh组件（ssh_transport模块）存在压缩炸弹拒绝服务漏洞，该漏洞源于SSH传输层默认启用传统的zlib压缩，并在身份认证前对攻击者控制的载荷进行解压时未施加任何大小限制。攻击者可利用此漏洞，通过发送特制的高度压缩数据包，在目标系统上触发内存耗尽，从而导致拒绝服务。该漏洞影响身份认证前的zlib算法和身份认证后的zlib@openssh.com算法，单个SSH数据包即可实现高达1029:1的放大比，在内存受限环境中可迅速耗尽内存并引发OOM（内存不足）终止进程。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="erlang" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-asn1" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-asn1-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-asn1-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-common_test" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-common_test-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-common_test-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-compiler" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-compiler-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-compiler-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-crypto" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-crypto-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-crypto-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-debugger" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-debugger-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-debugger-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-dialyzer" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-dialyzer-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-dialyzer-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-diameter" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-diameter-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-diameter-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-edoc" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-edoc-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-edoc-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-eldap" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-eldap-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-eldap-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-erl_docgen" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-erl_docgen-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-erl_docgen-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-erl_interface" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-erl_interface-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-erl_interface-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-erts" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-erts-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-erts-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-et" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-et-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-et-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-eunit" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-eunit-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-eunit-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-examples" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-examples-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-examples-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-ftp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-ftp-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-ftp-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-inets" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-inets-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-inets-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-jinterface" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-jinterface-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-jinterface-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-kernel" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-kernel-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-kernel-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-megaco" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-megaco-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-megaco-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-mnesia" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-mnesia-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-mnesia-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-observer" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-observer-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-observer-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-odbc" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-odbc-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-odbc-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-os_mon" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-os_mon-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-os_mon-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-parsetools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-parsetools-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-parsetools-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-public_key" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-public_key-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-public_key-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-reltool" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-reltool-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-reltool-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-runtime_tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-runtime_tools-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-runtime_tools-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-sasl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-sasl-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-sasl-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-snmp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-snmp-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-snmp-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-src" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-src-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-src-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-ssh" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-ssh-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-ssh-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-ssl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-ssl-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-ssl-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-stdlib" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-stdlib-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-stdlib-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-syntax_tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-syntax_tools-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-syntax_tools-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-tftp" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-tftp-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-tftp-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-tools" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-tools-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-tools-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-wx" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-wx-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-wx-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="erlang-xmerl" release="13.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/erlang-xmerl-25.3.2.6-13.p01.ky11.loongarch64.rpm" version="25.3.2.6">
					<filename>erlang-xmerl-25.3.2.6-13.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1175</id>
		<title>关于 glibc 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:09"/>
		<updated date="2026-06-01 16:23:34"/>
		<severity>Important</severity>
		<description>关于 glibc 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-15281" id="CVE-2025-15281" severity="Important" severity_desc="高风险" title="GNU C Library（glibc）的wordexp函数在结合使用WRDE_REUSE与WRDE_APPEND标志时存在未初始化内存访问漏洞，该漏洞源于函数在处理特定调用参数组合时未能正确初始化we_wordv成员的内存空间，导致返回未初始化内存。攻击者可能利用此漏洞，在后续调用wordfree函数时触发进程异常终止，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="glibc" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-all-langpacks" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-all-langpacks-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-all-langpacks-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-common" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-common-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-common-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-debugutils" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-debugutils-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-debugutils-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-devel" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-devel-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-devel-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="glibc-help" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-help-2.38-65.p12.ky11.noarch.rpm" version="2.38">
					<filename>glibc-help-2.38-65.p12.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-locale-archive" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-locale-archive-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-locale-archive-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-locale-source" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-locale-source-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-locale-source-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="glibc-nss-devel" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/glibc-nss-devel-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>glibc-nss-devel-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="nscd" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nscd-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>nscd-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="nss_modules" release="65.p12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nss_modules-2.38-65.p12.ky11.loongarch64.rpm" version="2.38">
					<filename>nss_modules-2.38-65.p12.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1176</id>
		<title>关于 gnutls 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:09"/>
		<updated date="2026-05-19 09:27:26"/>
		<severity>Moderate</severity>
		<description>关于 gnutls 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-14831" id="CVE-2025-14831" severity="Moderate" severity_desc="中风险" title="GnuTLS在处理特制恶意证书时存在拒绝服务漏洞，该漏洞源于对包含大量名称约束和主题备用名称（SANs）的证书未进行有效限制，导致在解析此类证书时过度消耗CPU和内存资源。攻击者无需身份认证即可通过网络远程利用此漏洞，可能导致受影响系统服务不可用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gnutls" release="5.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-3.8.2-5.p07.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-3.8.2-5.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-dane" release="5.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-dane-3.8.2-5.p07.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-dane-3.8.2-5.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-devel" release="5.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-devel-3.8.2-5.p07.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-devel-3.8.2-5.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gnutls-help" release="5.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-help-3.8.2-5.p07.ky11.noarch.rpm" version="3.8.2">
					<filename>gnutls-help-3.8.2-5.p07.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-utils" release="5.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-utils-3.8.2-5.p07.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-utils-3.8.2-5.p07.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1179</id>
		<title>关于 kylin-wayland-compositor 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:11"/>
		<updated date="2026-05-19 11:40:59"/>
		<severity>Moderate</severity>
		<description>关于 kylin-wayland-compositor 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0426" id="KVE-2026-0426" severity="Moderate" severity_desc="中风险" title="kylin-wayland-compositor组件该组件在解码 BMP 和 ICO 图像格式时，存在整数溢出和越界读取漏洞，可能引发越界读取和拒绝服务" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0427" id="KVE-2026-0427" severity="Moderate" severity_desc="中风险" title="kylin-wayland-compositor组件该组件在解码 BMP 和 ICO 图像格式时，存在整数溢出漏洞，可能引发拒绝服务" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-wayland-compositor" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-wayland-compositor-1.3.1.0-1.p01.ky11.loongarch64.rpm" version="1.3.1.0">
					<filename>kylin-wayland-compositor-1.3.1.0-1.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kylin-wayland-compositor-client" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-wayland-compositor-client-1.3.1.0-1.p01.ky11.loongarch64.rpm" version="1.3.1.0">
					<filename>kylin-wayland-compositor-client-1.3.1.0-1.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1197</id>
		<title>关于 protobuf 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:20"/>
		<updated date="2026-05-18 17:54:23"/>
		<severity>Important</severity>
		<description>关于 protobuf 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4565" id="CVE-2025-4565" severity="Moderate" severity_desc="中风险" title="Protobuf Pure-Python 后端在解析包含任意数量递归组、递归消息或一系列SGROUP标签的不可信Protocol Buffers数据时，存在递归处理拒绝服务漏洞，该漏洞源于未对递归深度进行有效限制，导致超出Python递归限制。攻击者可通过发送特制的Protocol Buffers数据，触发RecursionError异常，导致应用程序崩溃，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0994" id="CVE-2026-0994" severity="Important" severity_desc="高风险" title="Python 的 `google.protobuf.json_format.ParseDict()` 函数存在拒绝服务 (DoS) 漏洞，攻击者可以利用该漏洞绕过 `max_recursion_depth` 限制，从而在解析嵌套的 `google.protobuf.Any` 消息时触发。由于内部 Any 处理逻辑缺少递归深度统计，攻击者可以提供深度嵌套的 Any 结构，绕过预期的递归限制，最终耗尽 Python 的递归栈，导致 RecursionError 错误。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="protobuf" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-25.1-12.p01.ky11.loongarch64.rpm" version="25.1">
					<filename>protobuf-25.1-12.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-bom" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-bom-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-bom-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="protobuf-compiler" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-compiler-25.1-12.p01.ky11.loongarch64.rpm" version="25.1">
					<filename>protobuf-compiler-25.1-12.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="protobuf-devel" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-devel-25.1-12.p01.ky11.loongarch64.rpm" version="25.1">
					<filename>protobuf-devel-25.1-12.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-java" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-java-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-java-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-javadoc" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-javadoc-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-javadoc-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-javalite" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-javalite-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-javalite-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-java-util" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-java-util-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-java-util-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="protobuf-lite" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-lite-25.1-12.p01.ky11.loongarch64.rpm" version="25.1">
					<filename>protobuf-lite-25.1-12.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="protobuf-lite-devel" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-lite-devel-25.1-12.p01.ky11.loongarch64.rpm" version="25.1">
					<filename>protobuf-lite-devel-25.1-12.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="protobuf-parent" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/protobuf-parent-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>protobuf-parent-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-protobuf" release="12.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-protobuf-25.1-12.p01.ky11.noarch.rpm" version="25.1">
					<filename>python3-protobuf-25.1-12.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1199</id>
		<title>关于 qemu 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:22"/>
		<updated date="2026-05-18 17:53:45"/>
		<severity>Moderate</severity>
		<description>关于 qemu 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-49721" id="CVE-2023-49721" severity="Moderate" severity_desc="中风险" title="LXD的EDK2组件UEFI Shell默认启用导致安全启动绕过漏洞，该漏洞源于不安全的默认配置，允许操作系统驻留的攻击者绕过安全启动（Secure Boot）机制，可能导致系统完整性受损。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="11" name="qemu" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-curl" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-curl-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-curl-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-iscsi" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-iscsi-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-iscsi-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-rbd" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-rbd-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-rbd-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-ssh" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-ssh-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-ssh-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-guest-agent" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-guest-agent-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-guest-agent-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="11" name="qemu-help" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-help-8.2.0-37.p13.ky11.noarch.rpm" version="8.2.0">
					<filename>qemu-help-8.2.0-37.p13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-hw-usb-host" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-hw-usb-host-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-hw-usb-host-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-img" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-img-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-img-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-aarch64" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-aarch64-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-aarch64-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-arm" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-arm-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-arm-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-loongarch64" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-loongarch64-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-loongarch64-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-riscv" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-riscv-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-riscv-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-x86_64" release="37.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-x86_64-8.2.0-37.p13.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-x86_64-8.2.0-37.p13.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1200</id>
		<title>关于 tar 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-12 12:50:23"/>
		<updated date="2026-05-18 17:52:36"/>
		<severity>Moderate</severity>
		<description>关于 tar 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-45582" id="CVE-2025-45582" severity="Moderate" severity_desc="中风险" title="GNU Tar组件存在目录遍历漏洞，该漏洞源于在解压TAR存档时未正确校验路径逻辑，允许攻击者通过分两步解压包含符号链接和关键文件的特制存档，绕过原有的'成员名称包含..'保护机制，导致关键文件被覆盖。攻击者可利用该漏洞覆盖系统配置文件，可能引发权限提升或敏感数据篡改。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="tar" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/tar-1.35-3.ky11.loongarch64.rpm" version="1.35">
					<filename>tar-1.35-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="tar-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/tar-help-1.35-3.ky11.noarch.rpm" version="1.35">
					<filename>tar-help-1.35-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1207</id>
		<title>关于 alsa-lib 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:07"/>
		<updated date="2026-05-25 18:16:28"/>
		<severity>Moderate</severity>
		<description>关于 alsa-lib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25068" id="CVE-2026-25068" severity="Moderate" severity_desc="中风险" title="alsa-lib 1.2.2 版本至 1.2.15.2 版本（不含提交 5f7fe33）中的拓扑混音器控制解码器存在堆缓冲区溢出漏洞。tplg_decode_control_mixer1() 函数从不受信任的 .tplg 数据中读取 num_channels 字段，并将其作为循环边界使用，而未验证其是否超出固定大小的通道数组（SND_TPLG_MAX_CHAN）。攻击者可构造一个具有过大 num_channels 值的拓扑文件，导致越界堆写入，从而引发程序崩溃（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="alsa-lib" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/alsa-lib-1.2.10-4.ky11.loongarch64.rpm" version="1.2.10">
					<filename>alsa-lib-1.2.10-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="alsa-lib-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/alsa-lib-devel-1.2.10-4.ky11.loongarch64.rpm" version="1.2.10">
					<filename>alsa-lib-devel-1.2.10-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="alsa-topology" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/alsa-topology-1.2.10-4.ky11.noarch.rpm" version="1.2.10">
					<filename>alsa-topology-1.2.10-4.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="alsa-ucm" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/alsa-ucm-1.2.10-4.ky11.noarch.rpm" version="1.2.10">
					<filename>alsa-ucm-1.2.10-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1213</id>
		<title>关于 avahi 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:13"/>
		<updated date="2026-05-25 18:17:52"/>
		<severity>Moderate</severity>
		<description>关于 avahi 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-52615" id="CVE-2024-52615" severity="Moderate" severity_desc="中风险" title="Avahi-daemon的广域网DNS查询功能存在使用固定源端口漏洞，该漏洞源于在发起广域网DNS查询时使用了固定的源端口，未正确随机化端口号。可能导致攻击者更容易注入恶意DNS响应，从而实施DNS欺骗攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24401" id="CVE-2026-24401" severity="Moderate" severity_desc="中风险" title="Avahi的avahi-daemon组件中的lookup_handle_cname函数存在递归CNAME记录处理不当漏洞，该漏洞源于在处理未请求的mDNS响应时，未能有效检测和阻止包含自引用递归CNAME记录（如别名和规范名称指向相同域名“h.local”）的数据包，导致函数发生无界递归调用，最终引发栈耗尽和进程崩溃。攻击者可通过发送特制的mDNS响应数据包，在设置了AVAHI_LOOKUP_USE_MULTICAST标志的记录浏览器（包括nss-mdns使用的解析器创建的记录浏览器）上触发此漏洞，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34933" id="CVE-2026-34933" severity="Moderate" severity_desc="中风险" title="Avahi 是一个通过 mDNS/DNS-SD 协议套件实现局域网服务发现的系统。该漏洞存在于 avahi-daemon 组件中，由于在处理 D-Bus 方法调用时未正确校验发布标志，导致任何无特权的本地用户可以通过发送携带冲突发布标志的单个 D-Bus 调用使 avahi-daemon 进入无限循环或异常退出，从而引发拒绝服务（daemon 崩溃）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="avahi" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-autoipd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-autoipd-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-autoipd-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-compat-howl" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-compat-howl-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-compat-howl-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-compat-howl-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-compat-howl-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-compat-howl-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-compat-libdns_sd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-compat-libdns_sd-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-compat-libdns_sd-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-compat-libdns_sd-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-compat-libdns_sd-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-compat-libdns_sd-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-dnsconfd" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-dnsconfd-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-dnsconfd-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-glib" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-glib-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-glib-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-glib-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-glib-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-glib-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-gobject" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-gobject-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-gobject-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-gobject-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-gobject-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-gobject-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="avahi-help" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-help-0.8-28.ky11.noarch.rpm" version="0.8">
					<filename>avahi-help-0.8-28.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-libs" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-libs-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-libs-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-tools" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-tools-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-tools-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-ui" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-ui-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-ui-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-ui-devel" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-ui-devel-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-ui-devel-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-ui-gtk3" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-ui-gtk3-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-ui-gtk3-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="avahi-ui-tools" release="28.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/avahi-ui-tools-0.8-28.ky11.loongarch64.rpm" version="0.8">
					<filename>avahi-ui-tools-0.8-28.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1215</id>
		<title>关于 brotli 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:15"/>
		<updated date="2026-05-25 18:18:47"/>
		<severity>Important</severity>
		<description>关于 brotli 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-6176" id="CVE-2025-6176" severity="Important" severity_desc="高风险" title="Scrapy 2.13.2及之前版本存在资源管理错误漏洞，该漏洞源于brotli解压实现存在缺陷，可能导致拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="brotli" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/brotli-1.1.0-2.ky11.loongarch64.rpm" version="1.1.0">
					<filename>brotli-1.1.0-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="brotli-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/brotli-devel-1.1.0-2.ky11.loongarch64.rpm" version="1.1.0">
					<filename>brotli-devel-1.1.0-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="brotli-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/brotli-help-1.1.0-2.ky11.noarch.rpm" version="1.1.0">
					<filename>brotli-help-1.1.0-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-brotli" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-brotli-1.1.0-2.ky11.loongarch64.rpm" version="1.1.0">
					<filename>python3-brotli-1.1.0-2.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1217</id>
		<title>关于 compat-openssl11 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:16"/>
		<updated date="2026-05-25 18:19:10"/>
		<severity>Important</severity>
		<description>关于 compat-openssl11 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68160" id="CVE-2025-68160" severity="Moderate" severity_desc="中风险" title="OpenSSL的BIO_f_linebuffer行缓冲过滤器在处理包含大量无换行符数据且后续BIO执行短写入操作的BIO链时，存在堆越界写入漏洞。该漏洞源于对缓冲区边界校验不足，可能导致内存损坏，进而引发应用程序崩溃，造成拒绝服务。在OpenSSL命令行应用中，此过滤器通常仅在VMS系统上推送到stdout/stderr；第三方应用若显式使用此过滤器且攻击者可控制写入大量无换行符数据，则可能受影响，但实际攻击场景难以被攻击者控制，故评估为低严重性。OpenSSL 3.6、3.5、3.4、3.3、3.0、1.1.1和1.0.2版本受影响，FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69418" id="CVE-2025-69418" severity="Moderate" severity_desc="中风险" title="OpenSSL的硬件加速代码路径中的低级别OCB API（CRYPTO_ocb128_encrypt()和CRYPTO_ocb128_decrypt()函数）存在逻辑缺陷，该漏洞源于在处理长度非16字节倍数的输入时，函数在处理完完整的16字节块后未能正确更新输入/输出指针，导致后续的尾部处理代码重复处理缓冲区开头的数据，而实际尾部字节（1-15字节）未被加密和认证。这可能导致加密时消息尾部字节以明文形式泄露，且这些字节不受认证标签保护，攻击者能够读取或篡改这些字节而不被检测到。使用高级EVP接口或TLS的应用不受影响，仅直接影响调用低级别OCB函数的应用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69419" id="CVE-2025-69419" severity="Important" severity_desc="高风险" title="OpenSSL组件中的PKCS12_get_friendlyname()函数在处理恶意构造的PKCS#12文件时存在安全漏洞，该漏洞源于OPENSSL_uni2utf8()函数在将BMPString（UTF-16BE）转换为UTF-8的过程中，在第二遍转换时错误地将剩余源字节数作为目标缓冲区容量传递给UTF8_putc()函数。当遇到高于U+07FF的BMP码点时，UTF-8需要三个字节编码，但传递的容量可能仅为两个字节，导致UTF8_putc()返回-1，并被错误地加到输出长度中，使得长度变为负数，随后在负偏移处写入结尾NUL字节，造成堆外写入。攻击者可通过提供恶意PKCS#12文件触发此漏洞，可能导致内存损坏和拒绝服务（Denial of Service）。值得注意的是，FIPS模块不受此漏洞影响，而OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本均受影响，1.0.2版本则不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69420" id="CVE-2025-69420" severity="Important" severity_desc="高风险" title="OpenSSL的ossl_ess_get_signing_cert()和ossl_ess_get_signing_cert_v2()函数在验证时间戳响应（TimeStamp Response）时存在类型混淆漏洞，该漏洞源于在处理签名证书属性值时未对其ASN1_TYPE类型进行正确校验，导致直接以错误的类型访问ASN1_TYPE联合体成员。攻击者可以通过向调用TS_RESP_verify_response()函数的应用程序提供恶意构造的时间戳响应响应，触发无效或空指针解引用，从而导致应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69421" id="CVE-2025-69421" severity="Important" severity_desc="高风险" title="OpenSSL的PKCS12_item_decrypt_d2i_ex()函数在处理恶意构造的PKCS#12文件时存在空指针解引用漏洞。该漏洞源于该函数在被PKCS12_unpack_p7encdata()调用时，未对传入的oct参数进行空值校验便直接进行解引用操作。攻击者可以通过向应用程序提供特制的畸形PKCS#12文件，诱导程序触发崩溃，从而导致拒绝服务（DoS）。该漏洞仅限于可用性影响，无法用于获取权限或泄露敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9230" id="CVE-2025-9230" severity="Important" severity_desc="高风险" title="OpenSSL 存在一个与 CMS消息中基于密码的加密功能相关的内存安全漏洞，该漏洞可能导致越界读取和越界写入操作，从而引发拒绝服务" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22795" id="CVE-2026-22795" severity="Moderate" severity_desc="中风险" title="OpenSSL组件在处理畸形的PKCS#12文件时存在安全漏洞，该漏洞源于PKCS#12解析代码中存在类型混淆问题，在未验证类型的情况下访问了ASN1_TYPE联合体成员，导致无效指针读取。攻击者可构造恶意的PKCS#12文件，诱使应用程序处理该文件从而触发空指针或无效指针解引用，造成内存读取异常，最终导致应用程序崩溃，引发拒绝服务攻击。由于该漏洞需要用户或应用程序主动处理恶意文件，且PKCS#12文件通常用于存储受信任的私钥，因此实际利用难度较高。漏洞影响OpenSSL 3.6、3.5、3.4、3.3、3.0和1.1.1版本，而OpenSSL 1.0.2及FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22796" id="CVE-2026-22796" severity="Moderate" severity_desc="中风险" title="OpenSSL的PKCS#7签名验证功能存在类型混淆漏洞，该漏洞源于`PKCS7_digest_from_attributes()`函数在处理签名的PKCS#7数据时，未验证ASN1_TYPE联合体成员的类型便直接访问，当处理畸形的PKCS#7数据时，可能导致解引用无效或空指针，从而引发应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28387" id="CVE-2026-28387" severity="Low" severity_desc="低风险" title="OpenSSL客户端在处理DANE TLSA记录时存在释放后重用/双重释放漏洞，该漏洞源于对特定配置的TLSA记录（同时包含PKIX-TA(0)/PKIX-EE(1)和DANE-TA(2)证书用途）未正确管理内存。可能导致数据损坏、应用程序崩溃或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28388" id="CVE-2026-28388" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理包含Delta CRL Indicator扩展的增量CRL时，若缺少必需的CRL Number扩展，可能发生空指针解引用。该漏洞源于在X.509证书验证过程中启用CRL和增量CRL处理时，未检查CRL Number扩展是否为空便直接对其进行解引用。当应用程序处理恶意构造的增量CRL文件时，可触发空指针解引用，导致应用程序崩溃，从而引发拒绝服务攻击。攻击者需使能X509_V_FLAG_USE_DELTAS标志、目标证书含freshestCRL扩展或基础CRL设置EXFLAG_FRESHEST标志，并向应用提供畸形CRL才能成功利用此漏洞。该漏洞仅限于造成拒绝服务，无法升级为代码执行或内存泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28389" id="CVE-2026-28389" severity="Important" severity_desc="高风险" title="OpenSSL组件在处理构造的CMS EnvelopedData消息时存在空指针解引用漏洞，该漏洞源于在使用KeyAgreeRecipientInfo处理过程中未检查可选参数字段是否存在即直接访问，导致当字段缺失时发生空指针解引用。攻击者可通过向调用CMS_decrypt()函数的应用程序（如S/MIME处理或基于CMS的协议）提供恶意构造的CMS数据，在认证或加密操作之前触发应用程序崩溃，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28390" id="CVE-2026-28390" severity="Important" severity_desc="高风险" title="OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。
OpenSSL存在安全漏洞，该漏洞源于处理特制的使用KeyTransportRecipientInfo的CMS EnvelopedData消息时可能导致空指针取消引用，可能导致应用程序崩溃和拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="compat-openssl11-devel" release="13.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/compat-openssl11-devel-1.1.1m-13.p03.ky11.loongarch64.rpm" version="1.1.1m">
					<filename>compat-openssl11-devel-1.1.1m-13.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="compat-openssl11-libs" release="13.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/compat-openssl11-libs-1.1.1m-13.p03.ky11.loongarch64.rpm" version="1.1.1m">
					<filename>compat-openssl11-libs-1.1.1m-13.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1219</id>
		<title>关于 cpp-httplib 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:17"/>
		<updated date="2026-05-25 18:19:23"/>
		<severity>Important</severity>
		<description>关于 cpp-httplib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28434" id="CVE-2026-28434" severity="Moderate" severity_desc="中风险" title="cpp-httplib 是一个基于C++11的跨平台HTTP/HTTPS单文件头库。在0.35.0版本之前，当请求处理函数抛出C++异常且应用程序未通过set_exception_handler()注册自定义异常处理器时，库会捕获该异常并将异常消息直接写入名为EXCEPTION_WHAT的HTTP响应头中。此行为默认开启，无需特殊配置即可触发，也无需身份验证。攻击者可借此获取服务器内部异常信息，造成敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28435" id="CVE-2026-28435" severity="Important" severity_desc="高风险" title="cpp-httplib库的`HandlerWithContentReader`（流式ContentReader）功能在处理使用`Content-Encoding: gzip`（或其他受支持编码）的请求时，存在请求载荷限制绕过漏洞，该漏洞源于库未对解压缩后的请求体强制执行`Server::set_payload_max_length()`函数设置的最大载荷长度限制。攻击者可利用此漏洞通过发送一个较小的压缩载荷，使其在解压后超出配置的限制并被应用程序处理，从而绕过载荷大小限制，可能导致服务端资源（CPU/内存）耗尽，引发拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="cpp-httplib" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cpp-httplib-0.22.0-2.p01.ky11.loongarch64.rpm" version="0.22.0">
					<filename>cpp-httplib-0.22.0-2.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="cpp-httplib-devel" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cpp-httplib-devel-0.22.0-2.p01.ky11.loongarch64.rpm" version="0.22.0">
					<filename>cpp-httplib-devel-0.22.0-2.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1220</id>
		<title>关于 cups 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:17"/>
		<updated date="2026-05-25 18:19:36"/>
		<severity>Moderate</severity>
		<description>关于 cups 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27447" id="CVE-2026-27447" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在安全漏洞，该漏洞源于授权检查时用户名比较不区分大小写，可能导致授权绕过。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34978" id="CVE-2026-34978" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS 2.4.16 及之前版本的 RSS 通知模块存在路径遍历漏洞，该漏洞源于在处理 notify-recipient-uri 参数时未正确限制路径跳转（如允许使用..），使得远程 IPP 客户端能够将 RSS XML 数据写入 CacheDir/rss 目录之外的任意 lp 用户可写位置。由于 CacheDir 默认具有组写权限，以 lp 用户运行的通知进程可以通过临时文件加重命名的方式替换 root 管理的状态文件。攻击者可通过构造恶意 URI 覆盖关键缓存文件，导致 cupsd 重启后无法解析作业缓存，造成已排队作业丢失，引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34979" id="CVE-2026-34979" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在安全漏洞，该漏洞源于CUPS调度程序在从作业属性构建过滤器选项字符串时存在基于堆的缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34980" id="CVE-2026-34980" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS的cupsd模块在共享目标队列配置下存在打印作业认证绕过漏洞，该漏洞源于未验证客户端身份。攻击者可向共享PostScript队列发送未认证的Print-Job请求，服务器接受包含换行符的页面边框值，并在解析过程中将恶意构造的第二行PPD文本误认为受信任的调度器控制记录。后续原始打印作业可导致服务器以lp权限执行攻击者指定的现有二进制文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34990" id="CVE-2026-34990" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS 存在权限提升漏洞。OpenPrinting CUPS 是一个用于 Linux 及类 Unix 系统的开源打印系统。该漏洞存在于 2.4.16 及之前版本中，允许本地非特权用户诱导 cupsd 进程向攻击者控制的本地 IPP 服务发起身份验证，并获取可重用的 Authorization: Local 令牌。攻击者可以利用该令牌在本地执行 /admin/ 请求，并通过组合使用 CUPS-Create-Local-Printer 和 printer-is-shared=true 参数，即使 FileDevice 策略默认拒绝此类 URI，也能持久化保存一个 file:///... 打印队列。进一步地，向该队列发送打印任务可实现任意 root 文件覆盖；测试表明，攻击者可通过写入 sudoers 片段来获得 root 命令执行能力。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39314" id="CVE-2026-39314" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS的cups/ppd-cache.c文件中的_ppdCreateFromIPP()函数存在整数下溢漏洞，该漏洞源于对job-password-supported IPP属性值的边界检查不完整，仅限制了上限而未对负值进行校验。当本地低权限用户提供负值的job-password-supported属性时，该负值通过验证后被转换为size_t类型（导致数值回绕至约2^64），并作为memset()函数的长度参数作用于33字节的栈缓冲区，从而导致cupsd根进程立即发生SIGSEGV崩溃。结合systemd的Restart=on-failure配置，攻击者可重复触发崩溃以实现持续的拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39316" id="CVE-2026-39316" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.16及之前版本存在资源管理错误漏洞，该漏洞源于自动删除临时打印机时存在释放后重用问题，可能导致拒绝服务或代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41079" id="CVE-2026-41079" severity="Moderate" severity_desc="中风险" title="OpenPrinting CUPS是OpenPrinting公司的一个适用于 Linux® 和其他类 Unix® 操作系统的基于标准的开源打印系统。
OpenPrinting CUPS 2.4.17之前版本存在缓冲区错误漏洞，该漏洞源于网络邻近攻击者可发送特制SNMP响应导致栈缓冲区越界读取，泄露的内存被转换为UTF-8并存储为打印机供应描述字符串，随后可通过IPP Get-Printer-Attributes响应和CUPS Web界面被认证用户查看。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="cups" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-client" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-client-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-client-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-devel" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-devel-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-devel-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="cups-filesystem" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-filesystem-2.4.7-6.se.02.p03.ky11.noarch.rpm" version="2.4.7">
					<filename>cups-filesystem-2.4.7-6.se.02.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="cups-help" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-help-2.4.7-6.se.02.p03.ky11.noarch.rpm" version="2.4.7">
					<filename>cups-help-2.4.7-6.se.02.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-ipptool" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-ipptool-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-ipptool-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-libs" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-libs-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-libs-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-lpd" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-lpd-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-lpd-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="cups-printerapp" release="6.se.02.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cups-printerapp-2.4.7-6.se.02.p03.ky11.loongarch64.rpm" version="2.4.7">
					<filename>cups-printerapp-2.4.7-6.se.02.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1221</id>
		<title>关于 dav1d 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:18"/>
		<updated date="2026-05-25 18:19:49"/>
		<severity>Moderate</severity>
		<description>关于 dav1d 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-1580" id="CVE-2024-1580" severity="Moderate" severity_desc="中风险" title="dav1d AV1解码器在解码大尺寸视频帧时存在整数溢出漏洞，该漏洞源于对视频帧尺寸的整数运算未进行正确校验，导致在处理特定构造的视频数据时可能发生内存损坏。攻击者可通过诱使用户解码恶意视频文件触发该漏洞，可能导致信息泄露或系统崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="dav1d" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/dav1d-0.5.2-4.ky11.loongarch64.rpm" version="0.5.2">
					<filename>dav1d-0.5.2-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libdav1d" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libdav1d-0.5.2-4.ky11.loongarch64.rpm" version="0.5.2">
					<filename>libdav1d-0.5.2-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libdav1d-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libdav1d-devel-0.5.2-4.ky11.loongarch64.rpm" version="0.5.2">
					<filename>libdav1d-devel-0.5.2-4.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1222</id>
		<title>关于 editorconfig 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:19"/>
		<updated date="2026-05-25 18:20:03"/>
		<severity>Important</severity>
		<description>关于 editorconfig 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40489" id="CVE-2026-40489" severity="Important" severity_desc="高风险" title="editorconfig-core-c 的 ec_glob() 函数存在栈缓冲区溢出漏洞，该漏洞源于对 CVE-2023-0341 的修复不完整，仅保护了 pcre_str 缓冲区，而未对相邻的 l_pattern[8194] 栈缓冲区进行同等保护。攻击者可通过提供特制的目录结构和 .editorconfig 文件，利用该漏洞导致任何使用 libeditorconfig 的应用程序崩溃，在 Ubuntu 24.04 上，FORTIFY_SOURCE 会将溢出转换为 SIGABRT（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="editorconfig" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/editorconfig-0.12.6-3.ky11.loongarch64.rpm" version="0.12.6">
					<filename>editorconfig-0.12.6-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="editorconfig-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/editorconfig-devel-0.12.6-3.ky11.loongarch64.rpm" version="0.12.6">
					<filename>editorconfig-devel-0.12.6-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="editorconfig-libs" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/editorconfig-libs-0.12.6-3.ky11.loongarch64.rpm" version="0.12.6">
					<filename>editorconfig-libs-0.12.6-3.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1226</id>
		<title>关于 edk2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:21"/>
		<updated date="2026-05-25 18:20:40"/>
		<severity>Important</severity>
		<description>关于 edk2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68160" id="CVE-2025-68160" severity="Moderate" severity_desc="中风险" title="OpenSSL的BIO_f_linebuffer行缓冲过滤器在处理包含大量无换行符数据且后续BIO执行短写入操作的BIO链时，存在堆越界写入漏洞。该漏洞源于对缓冲区边界校验不足，可能导致内存损坏，进而引发应用程序崩溃，造成拒绝服务。在OpenSSL命令行应用中，此过滤器通常仅在VMS系统上推送到stdout/stderr；第三方应用若显式使用此过滤器且攻击者可控制写入大量无换行符数据，则可能受影响，但实际攻击场景难以被攻击者控制，故评估为低严重性。OpenSSL 3.6、3.5、3.4、3.3、3.0、1.1.1和1.0.2版本受影响，FIPS模块不受影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69418" id="CVE-2025-69418" severity="Moderate" severity_desc="中风险" title="OpenSSL的硬件加速代码路径中的低级别OCB API（CRYPTO_ocb128_encrypt()和CRYPTO_ocb128_decrypt()函数）存在逻辑缺陷，该漏洞源于在处理长度非16字节倍数的输入时，函数在处理完完整的16字节块后未能正确更新输入/输出指针，导致后续的尾部处理代码重复处理缓冲区开头的数据，而实际尾部字节（1-15字节）未被加密和认证。这可能导致加密时消息尾部字节以明文形式泄露，且这些字节不受认证标签保护，攻击者能够读取或篡改这些字节而不被检测到。使用高级EVP接口或TLS的应用不受影响，仅直接影响调用低级别OCB函数的应用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-31790" id="CVE-2026-31790" severity="Important" severity_desc="高风险" title="OpenSSL组件中的RSASVE（RSA Secret Key Encapsulation）密钥封装机制存在安全漏洞，该漏洞源于在使用RSA公钥加密建立秘密加密密钥时，未正确验证加密操作是否成功。当RSA加密失败时，程序仍会错误地返回成功状态并设置输出长度，导致调用方误以为生成了有效的密文。若应用程序在未先验证攻击者提供的非法RSA公钥的情况下，使用EVP_PKEY_encapsulate()函数进行密钥封装，则可能导致调用方提供的密文缓冲区中残留或未初始化的数据被泄露给攻击者。攻击者可利用此漏洞获取先前进程运行过程中留下的敏感信息，造成敏感数据泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="edk2-aarch64" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-aarch64-202308-25.p10.ky11.noarch.rpm" version="202308">
					<filename>edk2-aarch64-202308-25.p10.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="edk2-devel" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-devel-202308-25.p10.ky11.loongarch64.rpm" version="202308">
					<filename>edk2-devel-202308-25.p10.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-help" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-help-202308-25.p10.ky11.noarch.rpm" version="202308">
					<filename>edk2-help-202308-25.p10.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-202308-25.p10.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-202308-25.p10.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="edk2-ovmf-loongarch64" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/edk2-ovmf-loongarch64-202308-25.p10.ky11.noarch.rpm" version="202308">
					<filename>edk2-ovmf-loongarch64-202308-25.p10.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-edk2-devel" release="25.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-edk2-devel-202308-25.p10.ky11.noarch.rpm" version="202308">
					<filename>python3-edk2-devel-202308-25.p10.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1235</id>
		<title>关于 expat 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:32"/>
		<updated date="2026-05-25 18:22:41"/>
		<severity>Low</severity>
		<description>关于 expat 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41080" id="CVE-2026-41080" severity="Low" severity_desc="低风险" title="libexpat的XML解析器存在熵不足漏洞，该漏洞源于libexpat 2.7.6之前版本在生成哈希值时使用了不足的随机熵，导致攻击者可通过特制的XML文档触发哈希冲突攻击，进而造成服务端拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="expat" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-2.5.0-18.ky11.loongarch64.rpm" version="2.5.0">
					<filename>expat-2.5.0-18.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="expat-devel" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-devel-2.5.0-18.ky11.loongarch64.rpm" version="2.5.0">
					<filename>expat-devel-2.5.0-18.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="expat-help" release="18.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/expat-help-2.5.0-18.ky11.noarch.rpm" version="2.5.0">
					<filename>expat-help-2.5.0-18.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1236</id>
		<title>关于 firewalld 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:33"/>
		<updated date="2026-05-25 18:22:58"/>
		<severity>Moderate</severity>
		<description>关于 firewalld 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4948" id="CVE-2026-4948" severity="Moderate" severity_desc="中风险" title="firewalld的D-Bus运行时设置器setZoneSettings2和setPolicySettings存在授权不当漏洞，该漏洞源于对本地非特权用户的权限校验不充分，导致用户无需正确认证即可修改运行时防火墙状态，进而可能造成网络安全配置被未授权更改。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="firewall-config" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/firewall-config-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewall-config-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/firewalld-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-doc" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/firewalld-doc-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-doc-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-filesystem" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/firewalld-filesystem-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-filesystem-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="firewalld-test" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/firewalld-test-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>firewalld-test-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-firewall" release="7.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-firewall-1.2.6-7.p02.ky11.noarch.rpm" version="1.2.6">
					<filename>python3-firewall-1.2.6-7.p02.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1240</id>
		<title>关于 giflib 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:37"/>
		<updated date="2026-05-25 17:55:08"/>
		<severity>Moderate</severity>
		<description>关于 giflib 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23868" id="CVE-2026-23868" severity="Moderate" severity_desc="中风险" title="Giflib库中的GifMakeSavedImage函数由于浅拷贝和错误处理不当，导致存在双重释放漏洞。攻击者在特定条件下可能触发该漏洞，造成内存损坏，进而引发应用程序崩溃或潜在的任意代码执行风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="giflib" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/giflib-5.2.2-3.p01.ky11.loongarch64.rpm" version="5.2.2">
					<filename>giflib-5.2.2-3.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="giflib-devel" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/giflib-devel-5.2.2-3.p01.ky11.loongarch64.rpm" version="5.2.2">
					<filename>giflib-devel-5.2.2-3.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="giflib-help" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/giflib-help-5.2.2-3.p01.ky11.noarch.rpm" version="5.2.2">
					<filename>giflib-help-5.2.2-3.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="giflib-utils" release="3.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/giflib-utils-5.2.2-3.p01.ky11.loongarch64.rpm" version="5.2.2">
					<filename>giflib-utils-5.2.2-3.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1248</id>
		<title>关于 gnutls 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:45"/>
		<updated date="2026-05-25 18:28:47"/>
		<severity>Important</severity>
		<description>关于 gnutls 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33845" id="CVE-2026-33845" severity="Important" severity_desc="高风险" title="GnuTLS的DTLS握手解析功能存在整数下溢漏洞，该漏洞源于对零长度且非零偏移量的畸形数据包片段处理不当，导致在重组过程中发生整数下溢，进而引发越界读取。攻击者可远程利用此漏洞，可能导致信息泄露或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33846" id="CVE-2026-33846" severity="Important" severity_desc="高风险" title="GnuTLS的DTLS握手指令片段重组逻辑存在堆缓冲区溢出漏洞，该漏洞源于merge_handshake_packet()函数在匹配和合并传入的握手指令片段时，仅依据指令类型进行匹配，而未验证同一逻辑指令的所有片段中message_length字段是否一致。攻击者可通过发送包含冲突message_length值的特制DTLS片段，导致实现基于较小的初始片段分配缓冲区，随后使用较大的不一致片段写入超出其边界的数据。由于合并操作未对分配的缓冲区大小执行正确的边界检查，导致堆上越界写入。该漏洞可被远程利用，无需认证，通过DTLS握手路径触发，可能导致应用程序崩溃或潜在的内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3833" id="CVE-2026-3833" severity="Moderate" severity_desc="中风险" title="GnuTLS 存在证书验证绕过漏洞。此漏洞的产生原因是 gnutls 在比较 `nameConstraints` 标签时执行区分大小写的比较，特别是对于 `excludedSubtrees` 或 `permittedSubtrees` 中的 `dNSName`（DNS）或 `rfc822Name`（电子邮件）约束。远程攻击者可以通过构造一个叶证书，使其“主题备用名”（SAN）中的大小写不同，从而利用此漏洞，导致策略绕过，原本应该被拒绝的证书反而被接受。这可能导致未经授权的访问或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42009" id="CVE-2026-42009" severity="Important" severity_desc="高风险" title="GnuTLS是GnuTLS开源的一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。
gnutls存在安全漏洞，该漏洞源于Datagram Transport Layer Security数据包重排序逻辑问题，可能导致远程攻击者利用比较函数未正确处理重复序列号的数据包，造成不稳定数据包排序或未定义行为，导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42010" id="CVE-2026-42010" severity="Important" severity_desc="高风险" title="GnuTLS的RSA-PSK（Rivest–Shamir–Adleman – Pre-Shared Key）模块存在认证绕过漏洞，该漏洞源于服务器在处理包含NUL字符的用户名时，错误地将此类用户名与截断后的用户名进行匹配。远程攻击者可通过发送特制的用户名利用此漏洞，绕过身份验证过程，导致未授权访问，从而可能获取高权限或敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42013" id="CVE-2026-42013" severity="Moderate" severity_desc="中风险" title="GnuTLS 在验证主机名时存在逻辑缺陷。当证书包含过长的 dNSName SAN（超过 256 字节）时，验证函数会因缓冲区溢出错误提前退出循环，错误地回退到检查通用名称（CN）。这导致即使存在不受支持的 SAN，攻击者仍可利用 CN 匹配绕过主机名验证，从而造成身份验证绕过。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42014" id="CVE-2026-42014" severity="Moderate" severity_desc="中风险" title="GnuTLS 存在释放后重用漏洞。当调用 gnutls_pkcs11_token_set_pin() 函数时，如果使用 GNUTLS_PIN_SO 参数、oldpin == NULL，且令牌未声明 CKF_PROTECTED_AUTHENTICATION_PATH 特性，则解析后的 PKCS#11 URI 会在会话打开后立即被释放，但随后在 SO PIN 获取路径中被重复使用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42015" id="CVE-2026-42015" severity="Moderate" severity_desc="中风险" title="GnuTLS 存在缓冲区错误漏洞，在 gnutls_pkcs12_bag_set_data() 函数中存在一个差一错误（off-by-one）边界检查，当 PKCS#12 包（bag）已包含最大数量的元素时，该错误可能导致堆越界写入。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5260" id="CVE-2026-5260" severity="Moderate" severity_desc="中风险" title="GnuTLS的_gnutls_pkcs11_privkey_decrypt_data2函数在处理TLS RSA和RSA-PSK握手时的PKCS#11 RSA解密路径中存在越界读取漏洞，该漏洞源于函数依据密文长度分配临时缓冲区，但在解密失败或密文过短时，恒定时间拷贝循环仍尝试读取固定长度的明文数据，且握手代码未校验ClientKeyExchange中密文长度是否满足最小要求。攻击者可通过发送长度异常的ClientKeyExchange消息触发越界读取，导致服务崩溃或敏感内存信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5419" id="CVE-2026-5419" severity="Moderate" severity_desc="中风险" title="GnuTLS 库中 PKCS#7 填充移除函数存在时序侧信道漏洞。该漏洞源于在解密过程中，填充校验逻辑未采用恒定时间实现，特别是在处理无效填充字节时存在提前返回机制，且后续循环校验存在时序差异。远程攻击者可利用此时间差构建填充预言机攻击，通过观察函数返回的时间差异，推导出块密码最后一字节的值，进而逐步恢复加密数据的明文信息。建议使用恒定时间布尔函数替换现有条件判断逻辑并优化循环实现以消除时序泄漏。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gnutls" release="5.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-3.8.2-5.p08.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-3.8.2-5.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-dane" release="5.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-dane-3.8.2-5.p08.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-dane-3.8.2-5.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-devel" release="5.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-devel-3.8.2-5.p08.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-devel-3.8.2-5.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gnutls-help" release="5.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-help-3.8.2-5.p08.ky11.noarch.rpm" version="3.8.2">
					<filename>gnutls-help-3.8.2-5.p08.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gnutls-utils" release="5.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gnutls-utils-3.8.2-5.p08.ky11.loongarch64.rpm" version="3.8.2">
					<filename>gnutls-utils-3.8.2-5.p08.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1249</id>
		<title>关于 golang 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:49"/>
		<updated date="2026-05-25 18:29:04"/>
		<severity>Important</severity>
		<description>关于 golang 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27140" id="CVE-2026-27140" severity="Important" severity_desc="高风险" title="Golang 在处理包含 'cgo' 的 SWIG 文件时存在安全漏洞，该漏洞源于构建过程中未能正确校验文件名及载荷内容，导致攻击者可通过构造恶意的 SWIG 文件实现代码走私，并在编译阶段执行任意代码。此问题根本原因为信任层被绕过，使得不受信的代码得以在构建时被执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27143" id="CVE-2026-27143" severity="Important" severity_desc="高风险" title="Golang编译器在处理循环中的归纳变量算术运算时存在检查缺失漏洞，该漏洞源于未正确校验变量是否发生溢出或下溢。编译器允许可能产生无效索引的代码通过检查，导致运行时发生内存越界访问。可能导致内存破坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27144" id="CVE-2026-27144" severity="Important" severity_desc="高风险" title="Google Go存在安全漏洞，该漏洞源于无操作接口转换阻止编译器正确确定非重叠移动，可能导致运行时内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32288" id="CVE-2026-32288" severity="Moderate" severity_desc="中风险" title="Go语言标准库中的tar.Reader模块存在拒绝服务漏洞，该漏洞源于处理包含大量&quot;旧GNU稀疏映射&quot;格式稀疏区域的恶意归档文件时，未限制内存分配量。可能导致程序分配超出预期的内存量，造成内存耗尽或拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="golang" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-1.21.4-45.p01.ky11.loongarch64.rpm" version="1.21.4">
					<filename>golang-1.21.4-45.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="golang-devel" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-devel-1.21.4-45.p01.ky11.loongarch64.rpm" version="1.21.4">
					<filename>golang-devel-1.21.4-45.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="golang-help" release="45.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/golang-help-1.21.4-45.p01.ky11.noarch.rpm" version="1.21.4">
					<filename>golang-help-1.21.4-45.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1250</id>
		<title>关于 grub2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:50"/>
		<updated date="2026-05-25 18:29:16"/>
		<severity>Moderate</severity>
		<description>关于 grub2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-61661" id="CVE-2025-61661" severity="Moderate" severity_desc="中风险" title="GRUB（Grand Unified Bootloader）组件在处理USB设备信息时存在缓冲区错误漏洞，该漏洞源于引导加载程序在读取USB设备信息时未正确处理字符串转换，导致长度值不一致。本地攻击者可在引导序列期间连接特制的USB设备以触发此问题，成功利用可能导致GRUB崩溃，进而引发拒绝服务。虽然也可能造成数据损坏，但鉴于利用的复杂性，影响范围有限。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="1" name="grub2-common" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-common-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-common-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-aa64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-aa64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-aa64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-aa64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-aa64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-aa64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="grub2-efi-loongarch64" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-loongarch64-2.12-41.p03.se.02.ky11.loongarch64.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-2.12-41.p03.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="grub2-efi-loongarch64-cdboot" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-loongarch64-cdboot-2.12-41.p03.se.02.ky11.loongarch64.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-cdboot-2.12-41.p03.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-loongarch64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-loongarch64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-loongarch64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-loongarch64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-loongarch64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-x64-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-x64-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-x64-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-efi-x64-trust-measure-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-efi-x64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-efi-x64-trust-measure-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-help" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-help-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-help-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="grub2-pc-modules" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-pc-modules-2.12-41.p03.se.02.ky11.noarch.rpm" version="2.12">
					<filename>grub2-pc-modules-2.12-41.p03.se.02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="grub2-tools" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-tools-2.12-41.p03.se.02.ky11.loongarch64.rpm" version="2.12">
					<filename>grub2-tools-2.12-41.p03.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="grub2-tools-extra" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-tools-extra-2.12-41.p03.se.02.ky11.loongarch64.rpm" version="2.12">
					<filename>grub2-tools-extra-2.12-41.p03.se.02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="grub2-tools-minimal" release="41.p03.se.02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/grub2-tools-minimal-2.12-41.p03.se.02.ky11.loongarch64.rpm" version="2.12">
					<filename>grub2-tools-minimal-2.12-41.p03.se.02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1251</id>
		<title>关于 gstreamer1-plugins-base 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:51"/>
		<updated date="2026-06-01 16:25:47"/>
		<severity>Important</severity>
		<description>关于 gstreamer1-plugins-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2921" id="CVE-2026-2921" severity="Important" severity_desc="高风险" title="GStreamer多媒体框架在处理AVI文件中的RIFF调色板数据时存在整数溢出漏洞，该漏洞源于程序在处理用户提供的调色板数据时未进行充分的边界校验。攻击者可构造恶意的AVI文件，诱使用户或应用程序使用受影响的GStreamer库进行解析，从而触发整数溢出并最终实现在当前进程上下文中执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-base" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-base-1.22.5-4.ky11.loongarch64.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-1.22.5-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-base-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-base-devel-1.22.5-4.ky11.loongarch64.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-devel-1.22.5-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gstreamer1-plugins-base-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-base-help-1.22.5-4.ky11.noarch.rpm" version="1.22.5">
					<filename>gstreamer1-plugins-base-help-1.22.5-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1252</id>
		<title>关于 gstreamer1-plugins-good 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:51"/>
		<updated date="2026-05-25 18:29:29"/>
		<severity>Moderate</severity>
		<description>关于 gstreamer1-plugins-good 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-47183" id="CVE-2025-47183" severity="Moderate" severity_desc="中风险" title="GStreamer 1.26.1及之前版本存在安全漏洞，该漏洞源于qtdemux_parse_tree函数存在越界读取，可能导致信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1940" id="CVE-2026-1940" severity="Moderate" severity_desc="中风险" title="GStreamer的WAV解析模块中的gst_wavparse_adtl_chunk()函数存在越界读取漏洞，该漏洞源于对CVE-2024-47778的修复不完整。补丁添加了lsize + 8 &gt; size的大小验证检查，但未考虑实际偏移计算中使用的GST_ROUND_UP_2(lsize)宏。当lsize为奇数时，解析器前进的字节数超过已验证的范围，导致越界读取。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-good" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-good-1.20.3-8.ky11.loongarch64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-1.20.3-8.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-good-extras" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-good-extras-1.20.3-8.ky11.loongarch64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-extras-1.20.3-8.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-good-gtk" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-good-gtk-1.20.3-8.ky11.loongarch64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-gtk-1.20.3-8.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gstreamer1-plugins-good-qt" release="8.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gstreamer1-plugins-good-qt-1.20.3-8.ky11.loongarch64.rpm" version="1.20.3">
					<filename>gstreamer1-plugins-good-qt-1.20.3-8.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1253</id>
		<title>关于 harfbuzz 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:52"/>
		<updated date="2026-05-25 18:29:42"/>
		<severity>Moderate</severity>
		<description>关于 harfbuzz 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22693" id="CVE-2026-22693" severity="Moderate" severity_desc="中风险" title="HarfBuzz组件在12.3.0版本之前，SubtableUnicodesCache::create函数存在空指针解引用漏洞。该漏洞源于未检查hb_malloc内存分配函数的返回值，导致在内存分配失败时尝试在空指针上使用placement new语法调用构造函数，引发段错误（拒绝服务）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="harfbuzz" release="2.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/harfbuzz-8.3.0-2.p02.ky11.loongarch64.rpm" version="8.3.0">
					<filename>harfbuzz-8.3.0-2.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="harfbuzz-devel" release="2.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/harfbuzz-devel-8.3.0-2.p02.ky11.loongarch64.rpm" version="8.3.0">
					<filename>harfbuzz-devel-8.3.0-2.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="harfbuzz-help" release="2.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/harfbuzz-help-8.3.0-2.p02.ky11.noarch.rpm" version="8.3.0">
					<filename>harfbuzz-help-8.3.0-2.p02.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1258</id>
		<title>关于 ImageMagick 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:56"/>
		<updated date="2026-05-25 18:31:12"/>
		<severity>Moderate</severity>
		<description>关于 ImageMagick 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55004" id="CVE-2025-55004" severity="Important" severity_desc="高风险" title="ImageMagick 7.1.2-1之前版本存在安全漏洞，该漏洞源于处理带独立alpha通道图像时的堆缓冲区溢出读取，可能导致内存内容泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55005" id="CVE-2025-55005" severity="Moderate" severity_desc="中风险" title="ImageMagick 7.1.2-1之前版本存在安全漏洞，该漏洞源于Log到sRGB色彩空间转换时未处理大于1024的参考值，可能导致内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55154" id="CVE-2025-55154" severity="Important" severity_desc="高风险" title="ImageMagick 6.9.13-27和7.1.2-1之前版本存在输入验证错误漏洞，该漏洞源于ReadOneMNGIMage中的放大尺寸计算不安全，可能导致内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55160" id="CVE-2025-55160" severity="Moderate" severity_desc="中风险" title="ImageMagick 6.9.13-27和7.1.2-1之前版本存在安全漏洞，该漏洞源于splay树克隆回调中的未定义行为，可能导致确定性中止。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55212" id="CVE-2025-55212" severity="Low" severity_desc="低风险" title="ImageMagick 6.9.13-28和7.1.2-2之前版本存在安全漏洞，该漏洞源于几何字符串处理不当，可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-55298" id="CVE-2025-55298" severity="Important" severity_desc="高风险" title="ImageMagick 6.9.13-28和7.1.2-2之前版本存在安全漏洞，该漏洞源于格式字符串漏洞，可能导致远程代码执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-57803" id="CVE-2025-57803" severity="Important" severity_desc="高风险" title="ImageMagick 6.9.13-28之前版本和7.1.2-2之前版本存在安全漏洞，该漏洞源于BMP编码器中32位整数溢出，可能导致堆内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-57807" id="CVE-2025-57807" severity="Low" severity_desc="低风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在低于 14.8.2 的版本中，其 SeekBlob() 和 WriteBlob() 函数存在不安全实现：SeekBlob() 允许将流偏移推进到当前末尾之外而未增加容量，WriteBlob() 则按 quantum + length（摊销）而非 offset + length 扩展，并复制到 data + offset。当 offset 远大于 extent 时，会导致复制目标超出分配内存区域，在 64 位构建中造成确定性的堆写入。攻击者可利用此漏洞通过构造的数据触发越界写入，可能引发远程代码执行或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-62594" id="CVE-2025-62594" severity="Moderate" severity_desc="中风险" title="ImageMagick 7.1.2-8之前版本存在数字错误漏洞，该漏洞源于CLAHEImage函数中存在无符号整数下溢和除以零错误，可能导致越界内存访问和崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68618" id="CVE-2025-68618" severity="Moderate" severity_desc="中风险" title="ImageMagick组件存在拒绝服务漏洞，该漏洞源于在Magick模块处理SVG文件时未对输入文件进行充分校验，导致攻击者可通过上传构造的恶意SVG文件触发异常处理流程，最终引发服务不可用。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-68950" id="CVE-2025-68950" severity="Moderate" severity_desc="中风险" title="ImageMagick 7.1.2-12之前版本存在安全漏洞，该漏洞源于未检查两个MVG之间的循环引用，可能导致栈溢出和拒绝服务攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69204" id="CVE-2025-69204" severity="Moderate" severity_desc="中风险" title="ImageMagick的WriteSVGImage函数存在整数溢出漏洞，该漏洞源于使用int类型变量存储number_attributes时发生整数溢出，进而触发缓冲区溢出。可能导致拒绝服务攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-22770" id="CVE-2026-22770" severity="Moderate" severity_desc="中风险" title="ImageMagick的BilateralBlurImage方法在调用AcquireBilateralTLS分配双精度浮点缓冲区集时存在逻辑缺陷可能导致拒绝服务。该漏洞源于系统未能正确初始化缓冲区集中的最后一个元素，导致在内存分配失败的异常情况下，DestroyBilateralTLS函数会尝试释放一个未初始化的无效指针。攻击者可能利用此缺陷触发程序崩溃，造成拒绝服务（DoS）或潜在的内存破坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23874" id="CVE-2026-23874" severity="Moderate" severity_desc="中风险" title="ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。
ImageMagick 7.1.2-13之前版本存在安全漏洞，该漏洞源于MSL写命令存在无限递归导致栈溢出，可能导致栈缓冲区溢出。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23876" id="CVE-2026-23876" severity="Important" severity_desc="高风险" title="ImageMagick 7.1.2-13之前版本和6.9.13-38之前版本存在输入验证错误漏洞，该漏洞源于XBM图像解码器存在堆缓冲区溢出，可能导致处理恶意图像文件时写入受控数据。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-23952" id="CVE-2026-23952" severity="Moderate" severity_desc="中风险" title="ImageMagick（14.10.1及以下版本）的MSL（Magick Scripting Language）解析器存在空指针解引用漏洞，该漏洞源于程序在加载图像前处理 &lt;comment&gt; 标签时逻辑校验不严。攻击者可利用该漏洞构造包含特定标签顺序的恶意MSL脚本，触发调试构建中的断言失败或发布构建中的空指针解引用，导致应用程序崩溃并造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24481" id="CVE-2026-24481" severity="Important" severity_desc="高风险" title="ImageMagick的PSD（Adobe Photoshop）格式处理模块存在堆内存信息泄露漏洞，该漏洞源于在处理包含ZIP压缩图层数据的恶意PSD文件时，当解压后的数据小于预期大小时，未初始化的堆内存会被泄露到输出图像中。可能导致敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24484" id="CVE-2026-24484" severity="Moderate" severity_desc="中风险" title="ImageMagick的SVG转换功能存在拒绝服务漏洞，该漏洞源于在处理多层嵌套的mvg格式转换为svg格式时，未能正确检查转换层级，导致可能触发拒绝服务。攻击者无需身份认证即可远程利用此漏洞，造成受影响系统资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24485" id="CVE-2026-24485" severity="Important" severity_desc="高风险" title="ImageMagick的DecodeImage()函数在处理PCD文件时存在拒绝服务漏洞，该漏洞源于当PCD文件中不包含有效的Sync标记时，程序会陷入无限循环以搜索该标记。这可能导致ImageMagick进程无响应并持续消耗CPU资源，最终耗尽系统资源并引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25576" id="CVE-2026-25576" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在版本 7.1.2-15 和 6.9.13-40 之前，多个原始图像格式处理器中存在堆缓冲区越读漏洞。该漏洞发生在处理图像时，若 -extract 参数指定的尺寸大于 -size 参数所定义的尺寸，则会导致从堆分配的缓冲区中进行越界内存读取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25637" id="CVE-2026-25637" severity="Moderate" severity_desc="中风险" title="ImageMagick的ASHLAR图像写入器存在内存泄漏漏洞，该漏洞源于在处理特制的图像文件时，程序会分配小型内存对象但未能正确释放。攻击者可利用此漏洞通过提交恶意构造的图像文件，导致目标进程内存耗尽，从而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25638" id="CVE-2026-25638" severity="Moderate" severity_desc="中风险" title="ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。
ImageMagick 7.1.2-15之前版本和6.9.13-40之前版本存在安全漏洞，该漏洞源于coders/msl.c存在内存泄漏，可能导致资源未释放。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25795" id="CVE-2026-25795" severity="Moderate" severity_desc="中风险" title="ImageMagick的SFW图像读取模块（`coders/sfw.c`中的`ReadSFWImage()`函数）存在空指针解引用漏洞，该漏洞源于在临时文件创建失败后，程序错误地销毁了`read_info`结构体，随后又尝试访问该结构体中已无效的`filename`成员。可能导致应用程序崩溃，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25796" id="CVE-2026-25796" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在 7.1.2-15 和 6.9.13-40 版本之前的 `ReadSTEGANOImage()` 函数（位于 `coders/stegano.c` 文件中），当执行三条早期返回路径时，未正确释放 `watermark` 图像对象，导致每次调用泄露约 13.5KB 以上的内存。攻击者可利用该漏洞通过反复触发内存泄漏来消耗系统资源，从而引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25797" id="CVE-2026-25797" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在 7.1.2-15 和 6.9.13-40 版本之前，其负责生成 PostScript 文件的 ps 编码器未对输入内容进行充分过滤，导致攻击者可以构造恶意文件，在生成的 PostScript 文件头部注入任意 PostScript 代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25798" id="CVE-2026-25798" severity="Moderate" severity_desc="中风险" title="ImageMagick的ClonePixelCacheRepository函数存在空指针解引用漏洞，该漏洞源于在处理特制图像文件时未能有效验证指针的有效性。可能导致远程攻击者通过提供恶意构造的图像文件，使任何链接了ImageMagick库的应用程序崩溃，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25799" id="CVE-2026-25799" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在版本7.1.2-15和6.9.13-40之前，YUV采样因子验证中存在逻辑错误，允许无效的采样因子绕过检查，在图像加载过程中触发除零错误，从而导致可靠的拒绝服务攻击。攻击者可以通过诱导用户处理特制的图像文件来利用该漏洞，造成 ImageMagick 进程崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25898" id="CVE-2026-25898" severity="Moderate" severity_desc="中风险" title="ImageMagick的UIL和XPM图像编码器存在越界读取漏洞，该漏洞源于GetPixelIndex()函数返回的像素索引值在使用前未经验证，在HDRI构建中，Quantum为浮点类型，像素索引值可能为负数。攻击者可通过构造包含负像素索引值的图像，在转换过程中触发全局缓冲区越界读取，可能导致信息泄露或进程崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25965" id="CVE-2026-25965" severity="Important" severity_desc="高风险" title="ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。
ImageMagick 7.1.2-15之前版本和6.9.13-40之前版本存在路径遍历漏洞，该漏洞源于路径安全策略在文件系统解析原始文件名字符串之前强制执行，可能导致路径遍历绕过策略，造成本地文件泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25966" id="CVE-2026-25966" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。其内置的“安全”策略旨在阻止对标准输入/输出流的读写操作，以防止潜在的安全风险。然而，在 7.1.2-15 和 6.9.13-40 版本之前，该策略未能阻止使用 `fd:&lt;n&gt;` 伪文件名（例如 `fd:0`、`fd:1`）的方式访问标准流。攻击者可利用这一缺陷，通过构造特定的 `fd:` 路径绕过安全限制，从而实现未授权的标准输入/输出访问，可能导致信息泄露或数据篡改。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25967" id="CVE-2026-25967" severity="Important" severity_desc="高风险" title="ImageMagick的FTXT图像读取器存在栈缓冲区溢出漏洞，该漏洞源于在处理特制的FTXT文件时，未对数据长度进行正确校验，导致发生基于栈的越界写入。攻击者可通过向受影响组件提交恶意构造的FTXT文件，触发栈缓冲区溢出，进而导致程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25968" id="CVE-2026-25968" severity="Important" severity_desc="高风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在 7.1.2-15 和 6.9.13-40 版本之前，处理 msl.c 文件中的某个属性时存在栈缓冲区溢出漏洞。攻击者可以通过提供带有超长属性值的恶意图像文件，触发固定大小的栈缓冲区溢出，从而导致内存损坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25969" id="CVE-2026-25969" severity="Moderate" severity_desc="中风险" title="ImageMagick的`coders/ashlar.c`文件中的`WriteASHLARImage`函数存在内存泄漏漏洞，该漏洞源于在分配内存结构后，当抛出异常时未能正确释放已分配的内存，可能导致内存资源耗尽。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25970" id="CVE-2026-25970" severity="Moderate" severity_desc="中风险" title="ImageMagick的SIXEL解码器在处理恶意构造的SIXEL图像文件时存在整数溢出漏洞，该漏洞源于在缓冲区重新分配操作中，使用32位有符号整数进行指针运算时发生溢出。攻击者可能利用此漏洞触发内存损坏，导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25983" id="CVE-2026-25983" severity="Moderate" severity_desc="中风险" title="ImageMagick的MSL脚本处理功能存在释放后使用漏洞，该漏洞源于在解析特制MSL脚本时，操作元素处理器会替换并释放图像对象，但解析器仍继续从该已释放的图像对象中读取数据，导致在后续解析过程中的ReadBlobString函数中发生对已释放内存的访问。攻击者可通过构造恶意的MSL脚本触发此漏洞，可能导致程序崩溃或潜在的内存信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25985" id="CVE-2026-25985" severity="Important" severity_desc="高风险" title="ImageMagick的SVG文件解析功能存在内存耗尽漏洞，该漏洞源于在处理包含恶意元素的SVG文件时，未能正确校验内存分配请求的大小。可能导致应用程序因尝试分配过量内存（约674GB）而触发内存耗尽并异常终止，造成服务中断。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25986" id="CVE-2026-25986" severity="Moderate" severity_desc="中风险" title="ImageMagick的ReadYUVImage()函数（coders/yuv.c）存在堆缓冲区溢出漏洞，该漏洞源于在处理恶意的YUV 4:2:2（NoInterlace）图像时，像素对循环会向已分配的行缓冲区之外写入一个像素。可能导致程序崩溃或内存破坏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25987" id="CVE-2026-25987" severity="Moderate" severity_desc="中风险" title="ImageMagick的MAP图像解码器在处理特制的MAP文件时存在堆缓冲区越界读取漏洞，该漏洞源于对输入数据长度验证不足，可能导致在处理图像过程中发生程序崩溃或意外内存信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25988" id="CVE-2026-25988" severity="Moderate" severity_desc="中风险" title="ImageMagick的MSL（Magick Scripting Language）解析模块（msl.c）存在内存泄漏漏洞，该漏洞源于在处理过程中未能正确更新堆栈索引，导致图像数据被存储于错误的堆栈槽位，且在发生错误时未能正确释放该内存。可能导致应用程序内存资源耗尽，影响服务稳定性。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25989" id="CVE-2026-25989" severity="Important" severity_desc="高风险" title="ImageMagick的SVG文件解析功能存在越界访问漏洞，该漏洞源于相关代码中边界检查存在一处差一错误（使用了`&gt;`而非`&gt;=`），导致防护机制被绕过并可能触发未定义的`(size_t)`类型转换。攻击者通过构造恶意的SVG文件，可导致服务拒绝。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-26066" id="CVE-2026-26066" severity="Moderate" severity_desc="中风险" title="ImageMagick 是一个用于编辑和处理数字图像的开源软件。在版本 7.1.2-15 和 6.9.13-40 之前，攻击者可以通过构造包含非法 IPTC 数据的配置文件，在使用 `IPTCTEXT` 写入时触发无限循环，从而导致程序陷入持续运行状态无法退出，最终造成拒绝服务（Denial of Service）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-26284" id="CVE-2026-26284" severity="Moderate" severity_desc="中风险" title="ImageMagick在处理PCD（Photo CD）文件中的霍夫曼编码数据时，其解码器中的一个函数存在初始化错误，导致缺乏正确的边界检查，可能引发越界读取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-26983" id="CVE-2026-26983" severity="Moderate" severity_desc="中风险" title="ImageMagick的MSL解释器在处理无效的`&lt;map&gt;`元素时存在释放后使用漏洞，该漏洞源于在释放图像内存后仍继续使用该图像指针，导致程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27798" id="CVE-2026-27798" severity="Moderate" severity_desc="中风险" title="ImageMagick的`-wavelet-denoise`操作符在处理小尺寸图像时存在堆缓冲区越界读取漏洞，该漏洞源于对图像数据边界校验不足，可能导致敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27799" id="CVE-2026-27799" severity="Moderate" severity_desc="中风险" title="ImageMagick的DJVU图像格式处理器存在堆缓冲区越界读取漏洞，该漏洞源于在计算像素缓冲区步幅（行大小）时发生32位有符号整数截断，导致步幅计算溢出，进而造成越界内存读取。可能导致信息泄露或系统不稳定。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42050" id="CVE-2026-42050" severity="Moderate" severity_desc="中风险" title="ImageMagick组件中的XTileImage函数存在栈缓冲区溢出漏洞，该漏洞源于在处理图像数据时未能正确验证输入长度，导致攻击者可以通过构造恶意的图像文件触发栈溢出，可能造成任意代码执行或程序崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="ImageMagick" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-7.1.2.21-1.ky11.loongarch64.rpm" version="7.1.2.21">
					<filename>ImageMagick-7.1.2.21-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="ImageMagick-c++" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-c++-7.1.2.21-1.ky11.loongarch64.rpm" version="7.1.2.21">
					<filename>ImageMagick-c++-7.1.2.21-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="ImageMagick-c++-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-c++-devel-7.1.2.21-1.ky11.loongarch64.rpm" version="7.1.2.21">
					<filename>ImageMagick-c++-devel-7.1.2.21-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="ImageMagick-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-devel-7.1.2.21-1.ky11.loongarch64.rpm" version="7.1.2.21">
					<filename>ImageMagick-devel-7.1.2.21-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="ImageMagick-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-help-7.1.2.21-1.ky11.noarch.rpm" version="7.1.2.21">
					<filename>ImageMagick-help-7.1.2.21-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="ImageMagick-perl" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ImageMagick-perl-7.1.2.21-1.ky11.loongarch64.rpm" version="7.1.2.21">
					<filename>ImageMagick-perl-7.1.2.21-1.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1259</id>
		<title>关于 iputils 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:57"/>
		<updated date="2026-05-25 18:31:31"/>
		<severity>Moderate</severity>
		<description>关于 iputils 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-48964" id="CVE-2025-48964" severity="Moderate" severity_desc="中风险" title="iputils的ping工具在自适应ping模式或统计数据收集功能中存在整数溢出漏洞，该漏洞源于对CVE-2025-47268的不完全修复，在ICMP Echo Reply数据包中时间戳为零时，统计计算过程中平方运算会导致中间值过大从而发生整数溢出，攻击者可通过发送特制的ICMP Echo Reply数据包导致拒绝服务（应用错误或数据收集不正确）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="iputils" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/iputils-20221126-8.p01.ky11.loongarch64.rpm" version="20221126">
					<filename>iputils-20221126-8.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="iputils-help" release="8.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/iputils-help-20221126-8.p01.ky11.noarch.rpm" version="20221126">
					<filename>iputils-help-20221126-8.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1260</id>
		<title>关于 jq 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:50:58"/>
		<updated date="2026-05-25 18:31:43"/>
		<severity>Important</severity>
		<description>关于 jq 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32316" id="CVE-2026-32316" severity="Important" severity_desc="高风险" title="jq 是一个命令行 JSON 处理器。在 1.8.1 及之前版本中，jvp_string_append() 和 jvp_string_copy_replace_bad 函数存在整数溢出漏洞，当拼接长度超过 2^31 字节的字符串时，会导致用于缓冲区分配大小计算的 32 位无符号整数发生溢出，从而分配一个极小的堆缓冲区。随后的内存拷贝操作会将完整的字符串写入这个过小的缓冲区中，造成堆缓冲区溢出（CWE-122）。攻击者可通过构造产生超长字符串的查询语句，导致进程崩溃或可能通过堆损坏实现进一步利用。该问题的根本原因在于缺乏对字符串大小的边界检查。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33947" id="CVE-2026-33947" severity="Moderate" severity_desc="中风险" title="jq的`src/jv_aux.c`文件中的`jv_setpath()`、`jv_getpath()`和`delpaths_sorted()`函数存在未受控递归漏洞，该漏洞源于程序在处理调用者提供的路径数组时，其递归深度仅由数组长度控制，而未强制执行任何深度限制。攻击者可构造一个包含约65，000个整数的扁平JSON数组（约200 KB）作为路径参数，当受信任的jq过滤器处理此输入时，将耗尽C调用栈，导致进程因段错误（SIGSEGV）而崩溃。此问题绕过了现有的MAX_PARSING_DEPTH（10，000）限制，因为该限制仅作用于JSON解析器，而无法约束运行时通过编程方式构造任意长度数组的路径操作。该漏洞可导致拒绝服务（不可恢复的崩溃），影响任何通过jq的setpath、getpath或delpaths内置函数处理不可信JSON输入的应用程序或服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33948" id="CVE-2026-33948" severity="Low" severity_desc="低风险" title="jq 在提交 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b 之前的版本中，CLI 输入解析过程中存在漏洞，允许通过嵌入的 NUL 字节绕过验证。当从文件或标准输入读取 JSON 数据时，jq 使用 strlen() 来确定缓冲区长度，而不是使用 fgets() 返回的实际字节数，导致其在遇到第一个 NUL 字节时截断输入并只解析前面的部分。攻击者可以构造带有良性 JSON 前缀并在 NUL 字节后附加恶意尾随数据的输入内容，使得 jq 只验证前缀部分为合法 JSON 并静默丢弃后续内容。依赖 jq 对不可信 JSON 进行验证后再传递给下游消费者的流程容易受到解析器差异攻击，因为这些下游消费者可能会处理包括恶意尾随字节在内的完整输入内容。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39956" id="CVE-2026-39956" severity="Moderate" severity_desc="中风险" title="jq的`_strindices`内置函数存在越界读取漏洞，该漏洞源于该函数在调用`jv_string_indexes()`前未验证传入参数是否为字符串类型，而`jv_string_indexes()`函数内部仅依赖在发布版本（使用`-DNDEBUG`编译）中会被剥离的`assert()`检查进行参数校验。攻击者可构造特定的数值输入（如`_strindices(0)`）使程序崩溃，或通过精心构造映射到特定指针的IEEE-754位模式的数值，实现受控的指针解引用和有限的内存读取/探测原语。任何使用发布版本jq处理不可信过滤器的部署均受此漏洞影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39979" id="CVE-2026-39979" severity="Moderate" severity_desc="中风险" title="jq 是一个命令行 JSON 处理器。在 2f09060afab23fe9390cce7cb860b10416e1bf5f 版本之前的提交中，libjq 库中的 jv_parse_sized() API 接受一个带有显式长度参数的计数缓冲区，但在其错误处理路径中使用 jv_string_fmt() 格式化输入缓冲区时采用 %s 方式，错误构建逻辑会在缓冲区末尾之后执行越界读取，可能导致内存信息泄露或进程终止。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40164" id="CVE-2026-40164" severity="Important" severity_desc="高风险" title="jq存在安全漏洞，该漏洞源于使用硬编码公开种子的MurmurHash3算法，可能导致攻击者通过提供特制JSON对象造成CPU耗尽。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="jq" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/jq-1.8.0-3.ky11.loongarch64.rpm" version="1.8.0">
					<filename>jq-1.8.0-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="jq-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/jq-devel-1.8.0-3.ky11.loongarch64.rpm" version="1.8.0">
					<filename>jq-devel-1.8.0-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="jq-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/jq-help-1.8.0-3.ky11.noarch.rpm" version="1.8.0">
					<filename>jq-help-1.8.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1280</id>
		<title>关于 krb5 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:14"/>
		<updated date="2026-05-25 18:31:57"/>
		<severity>Moderate</severity>
		<description>关于 krb5 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40355" id="CVE-2026-40355" severity="Moderate" severity_desc="中风险" title="MIT Kerberos 5（krb5）在1.22.3之前版本中的gss_accept_sec_context()函数存在空指针解引用漏洞，该漏洞源于当系统注册了NegoEx机制时，在parse_nego_message函数中未对指针进行有效检查。未经身份验证的远程攻击者可利用此漏洞触发空指针解引用，导致进程终止，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40356" id="CVE-2026-40356" severity="Moderate" severity_desc="中风险" title="MIT Kerberos 5 (krb5)的gss_accept_sec_context()函数在处理已注册NegoEx机制的系统中存在整数下溢漏洞，该漏洞源于对消息解析时未正确校验数据长度，导致整数下溢并引发越界读取。未经身份验证的远程攻击者可利用此漏洞触发parse_message函数中的进程终止，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="krb5" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="krb5-client" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-client-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-client-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="krb5-devel" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-devel-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-devel-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="krb5-help" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-help-1.21.2-20.p01.ky11.noarch.rpm" version="1.21.2">
					<filename>krb5-help-1.21.2-20.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="krb5-kycompat" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-kycompat-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-kycompat-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="krb5-libs" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-libs-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-libs-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="krb5-server" release="20.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/krb5-server-1.21.2-20.p01.ky11.loongarch64.rpm" version="1.21.2">
					<filename>krb5-server-1.21.2-20.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1281</id>
		<title>关于 kubernetes 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:17"/>
		<updated date="2026-05-25 17:51:35"/>
		<severity>Important</severity>
		<description>关于 kubernetes 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35469" id="CVE-2026-35469" severity="Important" severity_desc="高风险" title="SpdyStream 0.5.0及之前版本存在安全漏洞，该漏洞源于SPDY/3帧解析器在分配内存前未验证攻击者控制的计数和长度，可能导致远程攻击者通过特制控制帧耗尽进程内存并引发内存不足崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kubernetes" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-client" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-client-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-client-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-help" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-help-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-help-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-kubeadm" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-kubeadm-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-kubeadm-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-kubelet" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-kubelet-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-kubelet-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-master" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-master-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-master-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kubernetes-node" release="10.p08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kubernetes-node-1.29.1-10.p08.ky11.loongarch64.rpm" version="1.29.1">
					<filename>kubernetes-node-1.29.1-10.p08.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1283</id>
		<title>关于 lcms2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:19"/>
		<updated date="2026-05-25 18:32:12"/>
		<severity>Moderate</severity>
		<description>关于 lcms2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41254" id="CVE-2026-41254" severity="Moderate" severity_desc="中风险" title="Little CMS (lcms2) 2.18及之前版本中的cmslut.c文件在CubeSize函数中存在整数溢出漏洞，该漏洞源于在执行乘法运算之后才进行溢出检查，导致攻击者可能通过构造恶意的输入数据触发异常行为，进而可能引发拒绝服务或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42798" id="CVE-2026-42798" severity="Moderate" severity_desc="中风险" title="Little CMS (lcms2)的cmscgats.c文件中的ParseCube函数存在整数溢出漏洞，该漏洞源于对输入数据长度校验不足，在处理特定数据时可能发生整数溢出。攻击者可利用该漏洞导致信息泄露或拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="lcms2" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/lcms2-2.16-3.ky11.loongarch64.rpm" version="2.16">
					<filename>lcms2-2.16-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="lcms2-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/lcms2-devel-2.16-3.ky11.loongarch64.rpm" version="2.16">
					<filename>lcms2-devel-2.16-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="lcms2-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/lcms2-help-2.16-3.ky11.noarch.rpm" version="2.16">
					<filename>lcms2-help-2.16-3.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="lcms2-utils" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/lcms2-utils-2.16-3.ky11.loongarch64.rpm" version="2.16">
					<filename>lcms2-utils-2.16-3.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1288</id>
		<title>关于 libarchive 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:22"/>
		<updated date="2026-05-25 18:33:10"/>
		<severity>Important</severity>
		<description>关于 libarchive 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4424" id="CVE-2026-4424" severity="Important" severity_desc="高风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在缓冲区错误漏洞，该漏洞源于RAR归档处理逻辑中存在堆越界读取，压缩方法转换后对LZSS滑动窗口大小的验证不当，可能导致远程攻击者通过特制RAR归档泄露敏感堆内存信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4426" id="CVE-2026-4426" severity="Moderate" severity_desc="中风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在安全漏洞，该漏洞源于zisofs解压缩逻辑中存在未定义行为，从ISO9660 Rock Ridge扩展中读取的pz_log2_bs字段验证不当，可能导致远程攻击者通过特制ISO文件造成内存分配错误和应用程序崩溃，引发拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5121" id="CVE-2026-5121" severity="Important" severity_desc="高风险" title="libarchive是libarchive开源的一款多格式存档和压缩库。
libarchive存在安全漏洞，该漏洞源于在32位系统上，zisofs块指针分配逻辑存在整数溢出，可能导致堆缓冲区溢出和执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="bsdcat" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/bsdcat-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>bsdcat-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="bsdcpio" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/bsdcpio-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>bsdcpio-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="bsdtar" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/bsdtar-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>bsdtar-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="bsdunzip" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/bsdunzip-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>bsdunzip-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libarchive" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libarchive-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>libarchive-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libarchive-devel" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libarchive-devel-3.7.1-11.ky11.loongarch64.rpm" version="3.7.1">
					<filename>libarchive-devel-3.7.1-11.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libarchive-help" release="11.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libarchive-help-3.7.1-11.ky11.noarch.rpm" version="3.7.1">
					<filename>libarchive-help-3.7.1-11.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1289</id>
		<title>关于 libgcrypt 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:22"/>
		<updated date="2026-05-25 18:33:22"/>
		<severity>Moderate</severity>
		<description>关于 libgcrypt 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41989" id="CVE-2026-41989" severity="Moderate" severity_desc="中风险" title="Libgcrypt的gcry_pk_decrypt函数在处理特制的ECDH密文时存在堆缓冲区溢出漏洞，该漏洞源于对输入数据长度及边界校验不充分，导致攻击者可能利用精心构造的密文触发堆缓冲区溢出，进而造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libgcrypt" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libgcrypt-1.10.2-3.p03.ky11.loongarch64.rpm" version="1.10.2">
					<filename>libgcrypt-1.10.2-3.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libgcrypt-devel" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libgcrypt-devel-1.10.2-3.p03.ky11.loongarch64.rpm" version="1.10.2">
					<filename>libgcrypt-devel-1.10.2-3.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libgcrypt-help" release="3.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libgcrypt-help-1.10.2-3.p03.ky11.noarch.rpm" version="1.10.2">
					<filename>libgcrypt-help-1.10.2-3.p03.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1290</id>
		<title>关于 libpng 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:24"/>
		<updated date="2026-05-25 18:33:34"/>
		<severity>Important</severity>
		<description>关于 libpng 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33416" id="CVE-2026-33416" severity="Important" severity_desc="高风险" title="LibPNG 是一个用于读取、创建和操作PNG格式图像文件的参考库。在 libpng 1.2.1–1.6.55 中，png_set_tRNS 与 png_set_PLTE 会在 png_struct 与 png_info 之间共享堆缓冲。释放这些缓冲时会留下悬空指针，后续代码可能访问已释放内存，导致内存破坏或崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33636" id="CVE-2026-33636" severity="Important" severity_desc="高风险" title="Libpng 是一个用于处理 PNG 图像文件的开源库。在 1.6.36 至 1.6.55 版本中，ARM/AArch64 Neon 优化的调色板扩展路径存在缓冲区越界读取和写入漏洞。当将 8 位调色板行扩展为 RGB 或 RGBA 格式时，Neon 循环在处理最后一个不完整块时未验证剩余像素数量是否足够。由于实现从行末尾反向处理，最后一次迭代会访问行缓冲区起始位置之前的内存（越界读取），并将展开的像素数据写入相同的位置（越界写入）。攻击者可通过构造恶意 PNG 文件，在启用 Neon 的设备上触发该漏洞，可能导致信息泄露或拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34757" id="CVE-2026-34757" severity="Moderate" severity_desc="中风险" title="libpng 库存在释放后使用漏洞，该漏洞源于在处理 PNG 图像文件时，若将通过 png_get_PLTE、png_get_tRNS 或 png_get_hIST 获取的指针传回同一 png_struct/png_info 对的对应 setter 函数，setter 会在从调用者提供的指针复制内容之前释放内部缓冲区，导致指针悬空并读取已释放的内存。攻击者可利用此缺陷导致元数据静默损坏或堆内存内容泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="libpng" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpng-1.6.40-9.ky11.loongarch64.rpm" version="1.6.40">
					<filename>libpng-1.6.40-9.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="libpng-devel" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpng-devel-1.6.40-9.ky11.loongarch64.rpm" version="1.6.40">
					<filename>libpng-devel-1.6.40-9.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="libpng-help" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpng-help-1.6.40-9.ky11.noarch.rpm" version="1.6.40">
					<filename>libpng-help-1.6.40-9.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="libpng-static" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpng-static-1.6.40-9.ky11.loongarch64.rpm" version="1.6.40">
					<filename>libpng-static-1.6.40-9.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="libpng-tools" release="9.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpng-tools-1.6.40-9.ky11.loongarch64.rpm" version="1.6.40">
					<filename>libpng-tools-1.6.40-9.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1291</id>
		<title>关于 libsndfile 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:25"/>
		<updated date="2026-05-25 18:33:46"/>
		<severity>Moderate</severity>
		<description>关于 libsndfile 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-56226" id="CVE-2025-56226" severity="Moderate" severity_desc="中风险" title="Libsndfile的mpeg_l3_encode.c文件中的mpeg_l3_encoder_init()函数存在内存泄漏漏洞，该漏洞源于函数在特定条件下未能正确释放已分配的内存资源。可能导致系统资源消耗增加，影响服务可用性。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsndfile" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsndfile-1.2.2-4.ky11.loongarch64.rpm" version="1.2.2">
					<filename>libsndfile-1.2.2-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsndfile-devel" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsndfile-devel-1.2.2-4.ky11.loongarch64.rpm" version="1.2.2">
					<filename>libsndfile-devel-1.2.2-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsndfile-utils" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsndfile-utils-1.2.2-4.ky11.loongarch64.rpm" version="1.2.2">
					<filename>libsndfile-utils-1.2.2-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsndfile-utils-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsndfile-utils-help-1.2.2-4.ky11.noarch.rpm" version="1.2.2">
					<filename>libsndfile-utils-help-1.2.2-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1292</id>
		<title>关于 libsodium 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:26"/>
		<updated date="2026-05-25 18:34:00"/>
		<severity>Moderate</severity>
		<description>关于 libsodium 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-69277" id="CVE-2025-69277" severity="Moderate" severity_desc="中风险" title="libsodium组件在处理椭圆曲线点有效性检查时存在缺陷，该漏洞源于在crypto_core_ed25519_is_valid_point接口对椭圆曲线点未进行严格校验，导致攻击者可通过提供非主密码学群组的点，破坏加密算法的完整性，可能引发敏感信息泄露或加密通信失效。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsodium" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsodium-1.0.19-2.ky11.loongarch64.rpm" version="1.0.19">
					<filename>libsodium-1.0.19-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsodium-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsodium-devel-1.0.19-2.ky11.loongarch64.rpm" version="1.0.19">
					<filename>libsodium-devel-1.0.19-2.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1295</id>
		<title>关于 libsoup 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:27"/>
		<updated date="2026-05-25 18:39:59"/>
		<severity>Important</severity>
		<description>关于 libsoup 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-14523" id="CVE-2025-14523" severity="Important" severity_desc="高风险" title="libsoup存在环境问题漏洞，该漏洞源于HTTP标头处理不当，可能导致请求夹带攻击、缓存投毒或绕过基于主机的访问控制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0716" id="CVE-2026-0716" severity="Moderate" severity_desc="中风险" title="libsoup组件在处理WebSocket帧时存在越界读取漏洞，该漏洞源于未正确验证传入数据的边界，导致攻击者可通过发送特制的WebSocket帧诱使库读取超出预期边界的内存数据，造成内存泄露或服务崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0719" id="CVE-2026-0719" severity="Important" severity_desc="高风险" title="libsoup HTTP 库的 NTLM 认证处理模块存在整数溢出漏洞，该漏洞源于在处理超长密码时，由于不当使用有符号整数导致内部大小计算溢出，进而引起栈上内存分配错误及后续的不安全内存拷贝。攻击者利用该漏洞可导致使用该库的应用程序意外崩溃，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1467" id="CVE-2026-1467" severity="Moderate" severity_desc="中风险" title="libsoup HTTP客户端库存在CRLF（回车换行）注入漏洞。当配置了HTTP代理时，该库在处理用于创建Host头的URL解码输入时存在缺陷，未能正确验证和过滤特殊字符。远程攻击者可以通过提供包含CRLF序列的特制URL，注入额外的HTTP头部或完整的HTTP请求体。这会导致HTTP代理转发非预期或未授权的HTTP请求，可能对下游服务造成影响，例如绕过安全策略、篡改请求内容等。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1539" id="CVE-2026-1539" severity="Moderate" severity_desc="中风险" title="libsoup HTTP库在处理HTTP重定向时存在逻辑缺陷，该漏洞源于当请求被重定向到不同主机时，库会移除Authorization头部但未同步移除Proxy-Authorization头部。此缺陷可能导致敏感的代理认证凭据被泄露给第三方服务器，使用libsoup进行HTTP通信的应用程序可能因此无意中暴露代理认证数据。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1760" id="CVE-2026-1760" severity="Moderate" severity_desc="中风险" title="SoupServer组件存在HTTP请求走私漏洞，该漏洞源于SoupServer在处理同时包含Transfer-Encoding: chunked和Connection: keep-alive头部的HTTP请求时处理不当，未能按照RFC 9112规范正确关闭连接。攻击者可利用此漏洞通过发送特制请求，在持久连接上走私额外的HTTP请求，导致服务器对非预期请求进行处理，可能引发拒绝服务（DoS）等。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1761" id="CVE-2026-1761" severity="Important" severity_desc="高风险" title="libsoup存在安全漏洞，该漏洞源于解析多部分HTTP响应时长度计算错误，可能导致栈缓冲区溢出、内存损坏、应用程序崩溃或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1801" id="CVE-2026-1801" severity="Moderate" severity_desc="中风险" title="libsoup是一个HTTP客户端/服务器库，存在HTTP请求走私漏洞。该漏洞源于soup_filter_input_stream_read_line()函数中不符合RFC规范的解析逻辑，当接收到格式错误的分块头部时（例如只包含换行符LF而非回车换行符CRLF），libsoup未能正确处理。攻击者可无需认证或用户交互，通过发送特制的分块请求，在单个网络消息中注入多个HTTP请求，导致libsoup错误地解析和处理这些请求，可能造成信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2369" id="CVE-2026-2369" severity="Moderate" severity_desc="中风险" title="GNOME项目的libsoup网络库在处理HTTP响应时存在堆缓冲区溢出漏洞，该漏洞源于对服务器返回的Content-Length头部值缺乏有效验证，攻击者可构造恶意HTTP响应触发缓冲区溢出，可能导致远程代码执行或服务拒绝。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5119" id="CVE-2026-5119" severity="Moderate" severity_desc="中风险" title="libsoup是GNOME项目的一款GNOME的HTTP客户端/服务器库。
libsoup存在安全漏洞，该漏洞源于通过配置的HTTP代理建立HTTPS隧道时，敏感会话cookie在初始HTTP CONNECT请求中以明文传输，可能导致会话劫持或用户冒充。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsoup" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-2.74.3-10.p03.ky11.loongarch64.rpm" version="2.74.3">
					<filename>libsoup-2.74.3-10.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsoup-devel" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-devel-2.74.3-10.p03.ky11.loongarch64.rpm" version="2.74.3">
					<filename>libsoup-devel-2.74.3-10.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup-help" release="10.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup-help-2.74.3-10.p03.ky11.noarch.rpm" version="2.74.3">
					<filename>libsoup-help-2.74.3-10.p03.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1296</id>
		<title>关于 libsoup3 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:28"/>
		<updated date="2026-05-25 18:40:11"/>
		<severity>Moderate</severity>
		<description>关于 libsoup3 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-12105" id="CVE-2025-12105" severity="Important" severity_desc="高风险" title="libsoup存在资源管理错误漏洞，该漏洞源于异步消息队列处理中缺少状态同步，可能导致释放后重用和拒绝服务攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-32052" id="CVE-2025-32052" severity="Moderate" severity_desc="中风险" title="libsoup存在安全漏洞，该漏洞源于sniff_unknown函数存在堆缓冲区过度读取问题。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-32053" id="CVE-2025-32053" severity="Moderate" severity_desc="中风险" title="在 libsoup 中发现了一个缺陷。sniff_feed_or_html() 和 skip_insignificant_space() 函数中的漏洞可能导致堆缓冲区过度读取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-46420" id="CVE-2025-46420" severity="Moderate" severity_desc="中风险" title="libsoup存在安全漏洞，该漏洞源于soup_header_parse_quality_list函数解析全零质量列表时存在内存泄漏。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4945" id="CVE-2025-4945" severity="Low" severity_desc="低风险" title="libsoup处理cookie过期日期时存在整数溢出，攻击者可能绕过cookie过期逻辑。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4948" id="CVE-2025-4948" severity="Important" severity_desc="高风险" title="libsoup存在整数下溢漏洞。在 libsoup HTTP 库的 soup_multipart_new_from_message() 函数中发现了一个缺陷，该库通常由 GNOME 和其他应用程序用于处理网络通信。当处理特制的多部分消息时，由于验证不当，内部计算可能出错，导致整数下溢。这可能导致程序访问无效内存并崩溃，造成拒绝服务 (DoS) 风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-4969" id="CVE-2025-4969" severity="Moderate" severity_desc="中风险" title="在 libsoup 包中发现了一个漏洞。该漏洞源于其未能正确验证多部分 HTTP 消息的终止。这可能导致远程攻击者发送特制的多部分 HTTP 主体，从而使使用 libsoup 的服务器读取超出分配的内存边界（越界读取）。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1467" id="CVE-2026-1467" severity="Moderate" severity_desc="中风险" title="libsoup HTTP客户端库存在CRLF（回车换行）注入漏洞。当配置了HTTP代理时，该库在处理用于创建Host头的URL解码输入时存在缺陷，未能正确验证和过滤特殊字符。远程攻击者可以通过提供包含CRLF序列的特制URL，注入额外的HTTP头部或完整的HTTP请求体。这会导致HTTP代理转发非预期或未授权的HTTP请求，可能对下游服务造成影响，例如绕过安全策略、篡改请求内容等。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1539" id="CVE-2026-1539" severity="Moderate" severity_desc="中风险" title="libsoup HTTP库在处理HTTP重定向时存在逻辑缺陷，该漏洞源于当请求被重定向到不同主机时，库会移除Authorization头部但未同步移除Proxy-Authorization头部。此缺陷可能导致敏感的代理认证凭据被泄露给第三方服务器，使用libsoup进行HTTP通信的应用程序可能因此无意中暴露代理认证数据。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libsoup3" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-3.4.4-17.ky11.loongarch64.rpm" version="3.4.4">
					<filename>libsoup3-3.4.4-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsoup3-devel" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-devel-3.4.4-17.ky11.loongarch64.rpm" version="3.4.4">
					<filename>libsoup3-devel-3.4.4-17.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libsoup3-help" release="17.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsoup3-help-3.4.4-17.ky11.noarch.rpm" version="3.4.4">
					<filename>libsoup3-help-3.4.4-17.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1297</id>
		<title>关于 libssh2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:30"/>
		<updated date="2026-05-25 18:40:23"/>
		<severity>Important</severity>
		<description>关于 libssh2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-7598" id="CVE-2026-7598" severity="Important" severity_desc="高风险" title="libssh2的src/userauth.c文件中的userauth_password函数存在整数溢出漏洞，该漏洞源于对参数username_len和password_len的操纵导致整数溢出。攻击者可能远程利用此漏洞，导致部分机密性、完整性和可用性损失。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libssh2" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh2-1.11.0-6.ky11.loongarch64.rpm" version="1.11.0">
					<filename>libssh2-1.11.0-6.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libssh2-devel" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh2-devel-1.11.0-6.ky11.loongarch64.rpm" version="1.11.0">
					<filename>libssh2-devel-1.11.0-6.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libssh2-help" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libssh2-help-1.11.0-6.ky11.noarch.rpm" version="1.11.0">
					<filename>libssh2-help-1.11.0-6.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1298</id>
		<title>关于 libtasn1 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:30"/>
		<updated date="2026-05-25 18:40:36"/>
		<severity>Important</severity>
		<description>关于 libtasn1 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13151" id="CVE-2025-13151" severity="Important" severity_desc="高风险" title="libtasn1 v4.20.0版本存在安全漏洞，该漏洞源于asn1_expend_octet_string函数未验证输入数据大小，可能导致基于栈的缓冲区溢出。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libtasn1" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtasn1-4.19.0-3.ky11.loongarch64.rpm" version="4.19.0">
					<filename>libtasn1-4.19.0-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libtasn1-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtasn1-devel-4.19.0-3.ky11.loongarch64.rpm" version="4.19.0">
					<filename>libtasn1-devel-4.19.0-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libtasn1-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtasn1-help-4.19.0-3.ky11.noarch.rpm" version="4.19.0">
					<filename>libtasn1-help-4.19.0-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1299</id>
		<title>关于 libtheora 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:31"/>
		<updated date="2026-05-25 18:40:49"/>
		<severity>Moderate</severity>
		<description>关于 libtheora 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5673" id="CVE-2026-5673" severity="Moderate" severity_desc="中风险" title="libtheora组件存在堆越界读取漏洞，该漏洞源于在解析AVI（音频视频交错格式）文件时，avi_parse_input_file函数未能正确处理截断的头部子块。攻击者可诱使用户打开恶意构造的AVI文件，从而触发应用程序崩溃导致拒绝服务，或可能从堆中泄露敏感信息。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="libtheora" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtheora-1.1.1-29.ky11.loongarch64.rpm" version="1.1.1">
					<filename>libtheora-1.1.1-29.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="libtheora-devel" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtheora-devel-1.1.1-29.ky11.loongarch64.rpm" version="1.1.1">
					<filename>libtheora-devel-1.1.1-29.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="libtheora-help" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtheora-help-1.1.1-29.ky11.noarch.rpm" version="1.1.1">
					<filename>libtheora-help-1.1.1-29.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="theora-tools" release="29.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/theora-tools-1.1.1-29.ky11.loongarch64.rpm" version="1.1.1">
					<filename>theora-tools-1.1.1-29.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1300</id>
		<title>关于 libtiff 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:31"/>
		<updated date="2026-05-25 18:41:01"/>
		<severity>Important</severity>
		<description>关于 libtiff 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9900" id="CVE-2025-9900" severity="Important" severity_desc="高风险" title="LibTIFF存在安全漏洞，该漏洞源于当库处理特制的 TIFF 图像文件时，通过在文件元数据中提供异常大的图像高度值，攻击者可以诱使库将攻击者控制的颜色数据写入任意内存位置。这种内存损坏可被用于导致拒绝服务（应用程序崩溃）或以用户权限执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libtiff" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtiff-4.6.0-7.ky11.loongarch64.rpm" version="4.6.0">
					<filename>libtiff-4.6.0-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libtiff-devel" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtiff-devel-4.6.0-7.ky11.loongarch64.rpm" version="4.6.0">
					<filename>libtiff-devel-4.6.0-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libtiff-help" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtiff-help-4.6.0-7.ky11.noarch.rpm" version="4.6.0">
					<filename>libtiff-help-4.6.0-7.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libtiff-static" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtiff-static-4.6.0-7.ky11.loongarch64.rpm" version="4.6.0">
					<filename>libtiff-static-4.6.0-7.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libtiff-tools" release="7.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libtiff-tools-4.6.0-7.ky11.loongarch64.rpm" version="4.6.0">
					<filename>libtiff-tools-4.6.0-7.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1301</id>
		<title>关于 libX11 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:32"/>
		<updated date="2026-05-25 18:41:16"/>
		<severity>Important</severity>
		<description>关于 libX11 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-26597" id="CVE-2025-26597" severity="Important" severity_desc="高风险" title="X.Org与Xwayland的XkbChangeTypesOfKey()函数存在缓冲区溢出漏洞，该漏洞源于当函数被以0组参数调用时，会错误地将键符号表大小调整为0，但未同步更新键操作数组的大小。若后续再次以非零组参数调用同一函数，由于键操作数组大小不匹配，将导致缓冲区溢出，可能造成程序崩溃或执行任意代码。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libX11" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libX11-1.8.7-3.ky11.loongarch64.rpm" version="1.8.7">
					<filename>libX11-1.8.7-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libX11-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libX11-devel-1.8.7-3.ky11.loongarch64.rpm" version="1.8.7">
					<filename>libX11-devel-1.8.7-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libX11-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libX11-help-1.8.7-3.ky11.noarch.rpm" version="1.8.7">
					<filename>libX11-help-1.8.7-3.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1309</id>
		<title>关于 mutt 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:38"/>
		<updated date="2026-05-25 18:42:52"/>
		<severity>Low</severity>
		<description>关于 mutt 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43859" id="CVE-2026-43859" severity="Low" severity_desc="低风险" title="mutt是mutt开源的一个从终端发送邮件的命令行电子邮件客户端。
mutt 2.3.2之前版本存在安全漏洞，该漏洞源于有时对IMAP auth_cram MD5摘要使用strfcpy而非memcpy。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43861" id="CVE-2026-43861" severity="Low" severity_desc="低风险" title="Mutt的url_pct_decode函数存在空字节检查缺失漏洞，该漏洞源于在版本2.3.2之前，Mutt在处理URL百分号编码解码时未对解码结果中的空字节（'\0'）进行有效性检查。攻击者可能利用此缺陷构造特制的URL，导致Mutt在处理时产生非预期的字符串截断，进而可能影响后续的URL处理逻辑，造成信息泄露或绕过安全限制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43862" id="CVE-2026-43862" severity="Low" severity_desc="低风险" title="mutt是mutt开源的一个从终端发送邮件的命令行电子邮件客户端。
mutt 2.3.2之前版本存在安全漏洞，该漏洞源于imap_auth_gss安全级别处理不当。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43863" id="CVE-2026-43863" severity="Low" severity_desc="低风险" title="Mutt的crypt-gpgme.c模块中的data_object_to_stream函数存在无限循环漏洞，该漏洞源于对特定数据对象的处理逻辑缺陷。可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43864" id="CVE-2026-43864" severity="Low" severity_desc="低风险" title="Mutt的show_sig_summary功能存在空指针解引用漏洞，该漏洞源于在处理签名摘要时未对指针进行有效性检查，导致在特定条件下触发空指针解引用。可能导致程序崩溃，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="5" name="mutt" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/mutt-2.2.12-4.ky11.loongarch64.rpm" version="2.2.12">
					<filename>mutt-2.2.12-4.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="5" name="mutt-help" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/mutt-help-2.2.12-4.ky11.noarch.rpm" version="2.2.12">
					<filename>mutt-help-2.2.12-4.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1310</id>
		<title>关于 nano 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:39"/>
		<updated date="2026-05-25 18:43:05"/>
		<severity>Moderate</severity>
		<description>关于 nano 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6842" id="CVE-2026-6842" severity="Low" severity_desc="低风险" title="nano的`~/.local`目录存在权限设置不当漏洞，该漏洞源于在宽松的umask设置环境下，目录权限被错误地设置为0777而非0700。本地攻击者可利用此不正确的目录权限注入恶意的`.desktop`启动器，若该启动器后续被处理，可能导致意外操作或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6843" id="CVE-2026-6843" severity="Moderate" severity_desc="中风险" title="Red Hat Enterprise Linux是美国红帽（Red Hat）公司的面向企业用户的Linux操作系统。
Red Hat Enterprise Linux 10存在格式化字符串错误漏洞，该漏洞源于statusline函数存在格式字符串漏洞，本地用户可通过创建包含printf说明符的目录名，导致应用程序尝试显示该名称时发生分段错误，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="nano" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nano-8.0-2.ky11.loongarch64.rpm" version="8.0">
					<filename>nano-8.0-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="nano-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nano-help-8.0-2.ky11.noarch.rpm" version="8.0">
					<filename>nano-help-8.0-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1311</id>
		<title>关于 NetworkManager 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:41"/>
		<updated date="2026-05-25 18:43:17"/>
		<severity>Low</severity>
		<description>关于 NetworkManager 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9615" id="CVE-2025-9615" severity="Low" severity_desc="低风险" title="NetworkManager的权限管理功能存在权限管理不当漏洞，该漏洞源于NetworkManager允许非root用户配置系统网络，但守护进程以root权限运行，且未正确校验对用户文件的访问权限，导致可能访问属于其他用户的文件，进而造成低权限的敏感信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="NetworkManager" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-bluetooth" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-bluetooth-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-bluetooth-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-cloud-setup" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-cloud-setup-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-cloud-setup-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="NetworkManager-config-server" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-config-server-1.44.2-3.p04.ky11.noarch.rpm" version="1.44.2">
					<filename>NetworkManager-config-server-1.44.2-3.p04.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="NetworkManager-help" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-help-1.44.2-3.p04.ky11.noarch.rpm" version="1.44.2">
					<filename>NetworkManager-help-1.44.2-3.p04.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-libnm" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-libnm-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-libnm-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-libnm-devel" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-libnm-devel-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-libnm-devel-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-ppp" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-ppp-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-ppp-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-team" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-team-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-team-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-wifi" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-wifi-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-wifi-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="NetworkManager-wwan" release="3.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/NetworkManager-wwan-1.44.2-3.p04.ky11.loongarch64.rpm" version="1.44.2">
					<filename>NetworkManager-wwan-1.44.2-3.p04.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1312</id>
		<title>关于 ntfs-3g 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:42"/>
		<updated date="2026-05-25 18:43:30"/>
		<severity>Important</severity>
		<description>关于 ntfs-3g 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40706" id="CVE-2026-40706" severity="Important" severity_desc="高风险" title="NTFS-3G组件存在堆缓冲区溢出漏洞，该漏洞源于在处理NTFS镜像文件时，函数ntfs_build_permissions_posix()未能正确验证安全描述符中的访问控制项（ACE），当读取包含多个具有WRITE_OWNER权限的ACCESS_DENIED ACE（来自不同组SID）的安全描述符时会触发堆溢出。攻击者可通过构造恶意的NTFS镜像，在以SUID-root权限运行的ntfs-3g二进制程序中引发堆内存损坏，进而可能实现任意代码执行或导致服务拒绝。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="ntfs-3g" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ntfs-3g-2022.10.3-3.ky11.loongarch64.rpm" version="2022.10.3">
					<filename>ntfs-3g-2022.10.3-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="ntfs-3g-devel" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ntfs-3g-devel-2022.10.3-3.ky11.loongarch64.rpm" version="2022.10.3">
					<filename>ntfs-3g-devel-2022.10.3-3.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="ntfs-3g-help" release="3.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ntfs-3g-help-2022.10.3-3.ky11.loongarch64.rpm" version="2022.10.3">
					<filename>ntfs-3g-help-2022.10.3-3.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1314</id>
		<title>关于 openvswitch 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:43"/>
		<updated date="2026-05-25 18:43:56"/>
		<severity>Moderate</severity>
		<description>关于 openvswitch 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34956" id="CVE-2026-34956" severity="Moderate" severity_desc="中风险" title="Open vSwitch 的用户态连接跟踪模块在处理特定构造的FTP报文时存在堆溢出漏洞，该漏洞源于在复制FTP子字符串时发生类型窄化，导致非法内存访问。攻击者可利用此漏洞通过发送恶意构造的FTP流量引发拒绝服务或可能的远程代码执行。触发该漏洞需要配置了FTP ALG处理器的连接跟踪规则，而默认情况下ALG处理器不会自动应用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="network-scripts-openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/network-scripts-openvswitch-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>network-scripts-openvswitch-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>openvswitch-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvswitch-devel" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-devel-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>openvswitch-devel-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvswitch-dpdk" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-dpdk-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>openvswitch-dpdk-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvswitch-ipsec" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-ipsec-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>openvswitch-ipsec-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="openvswitch-test" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-test-3.2.1-5.ky11.noarch.rpm" version="3.2.1">
					<filename>openvswitch-test-3.2.1-5.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="openvswitch-testcontroller" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/openvswitch-testcontroller-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>openvswitch-testcontroller-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-openvswitch" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-openvswitch-3.2.1-5.ky11.loongarch64.rpm" version="3.2.1">
					<filename>python3-openvswitch-3.2.1-5.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1315</id>
		<title>关于 pdfbox 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:44"/>
		<updated date="2026-05-25 18:44:09"/>
		<severity>Moderate</severity>
		<description>关于 pdfbox 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33929" id="CVE-2026-33929" severity="Moderate" severity_desc="中风险" title="Apache PDFBox的ExtractEmbeddedFiles示例存在路径遍历漏洞，该漏洞源于对文件路径分隔符的校验不完善，导致在2.0.24至2.0.36及3.0.0至3.0.7版本中，具有特定目录写入权限的用户可能因恶意PDF文件而将文件写入以该目录开头的任意路径，例如具有/home/ABC写入权限的用户可能写入/home/ABCDEF路径。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="fontbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/fontbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>fontbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-debugger" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-debugger-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-debugger-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-javadoc" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-javadoc-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-javadoc-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-parent" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-parent-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-parent-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-reactor" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-reactor-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-reactor-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="pdfbox-tools" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/pdfbox-tools-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>pdfbox-tools-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="preflight" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/preflight-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>preflight-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="xmpbox" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/xmpbox-2.0.29-2.ky11.noarch.rpm" version="2.0.29">
					<filename>xmpbox-2.0.29-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1317</id>
		<title>关于 postfix 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:47"/>
		<updated date="2026-05-25 18:44:35"/>
		<severity>Low</severity>
		<description>关于 postfix 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43964" id="CVE-2026-43964" severity="Low" severity_desc="低风险" title="Postfix是Postfix开源的一个邮件传输代理软件。
Postfix存在安全漏洞，该漏洞源于增强状态码在第三位数字后缺少文本，可能导致缓冲区过度读取和进程崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="postfix" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/postfix-3.8.4-2.ky11.loongarch64.rpm" version="3.8.4">
					<filename>postfix-3.8.4-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="postfix-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/postfix-help-3.8.4-2.ky11.noarch.rpm" version="3.8.4">
					<filename>postfix-help-3.8.4-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="postfix-perl-scripts" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/postfix-perl-scripts-3.8.4-2.ky11.loongarch64.rpm" version="3.8.4">
					<filename>postfix-perl-scripts-3.8.4-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="postfix-pgsql" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/postfix-pgsql-3.8.4-2.ky11.loongarch64.rpm" version="3.8.4">
					<filename>postfix-pgsql-3.8.4-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="postfix-sysvinit" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/postfix-sysvinit-3.8.4-2.ky11.noarch.rpm" version="3.8.4">
					<filename>postfix-sysvinit-3.8.4-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1321</id>
		<title>关于 python3 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:53"/>
		<updated date="2026-05-25 18:45:42"/>
		<severity>Important</severity>
		<description>关于 python3 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13462" id="CVE-2025-13462" severity="Low" severity_desc="低风险" title="Python tarfile模块存在输入验证不当漏洞。Python tarfile模块在处理GNUTYPE_LONGNAME或GNUTYPE_LONGLINK等多块成员时，错误地将AREGTYPE（\x00）块的正则化应用于DIRTYPE，该漏洞源于对特殊构造的tar归档文件输入验证不当，可能导致tarfile模块与其他实现解析结果不一致，从而引发安全风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0865" id="CVE-2026-0865" severity="Moderate" severity_desc="中风险" title="Python的wsgiref.headers.Headers模块存在HTTP头注入漏洞，该漏洞源于在处理用户可控的HTTP请求头名称和值时，若其中包含换行符，则可能被攻击者利用来注入恶意的HTTP头。这可能导致HTTP响应头被篡改或引发其他安全问题。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1502" id="CVE-2026-1502" severity="Moderate" severity_desc="中风险" title="CPython的HTTP客户端在代理隧道（proxy tunnel）的请求头或主机（host）字段中未正确拒绝CR/LF字节，导致存在CRLF注入漏洞。该漏洞源于对HTTP请求头中特殊字符的校验不充分，攻击者可能利用此漏洞向HTTP请求中注入额外的头部或主体内容，从而可能劫持请求或进行HTTP请求走私攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2297" id="CVE-2026-2297" severity="Moderate" severity_desc="中风险" title="CPython解释器在处理旧版*.pyc文件时存在安全审计绕过漏洞。该漏洞源于SourcelessFileLoader导入钩子在FileLoader基类中未正确使用io.open_code()函数来读取.pyc文件，导致sys.audit事件处理程序无法被正常触发。攻击者可利用此漏洞绕过Python的安全审计机制，在受影响的系统上执行未被监控的代码操作。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3479" id="CVE-2026-3479" severity="Moderate" severity_desc="中风险" title="CPython是Python基金会的一个用C语言实现的Python解释器。
CPython存在安全漏洞，该漏洞源于未验证资源参数，可能导致路径遍历。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3644" id="CVE-2026-3644" severity="Moderate" severity_desc="中风险" title="Python的http.cookies模块中针对CVE-2026-0672的修复不完整，攻击者仍可通过Morsel.update()方法、|=操作符以及反序列化路径绕过控制字符的输入校验。此外，BaseCookie.js_output()方法缺少与BaseCookie.output()相同的输出校验机制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4519" id="CVE-2026-4519" severity="Low" severity_desc="低风险" title="Python的webbrowser模块中的open()函数存在输入验证不当漏洞，该漏洞源于未正确校验URL参数中的前导短横线字符，导致某些Web浏览器可能将其解析为命令行选项。攻击者可通过诱导用户访问特制URL，利用此漏洞导致浏览器执行非预期的命令行操作，造成低度信息泄露影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4786" id="CVE-2026-4786" severity="Important" severity_desc="高风险" title="CPython的webbrowser.open() API存在命令注入漏洞，该漏洞源于对CVE-2026-4519的修复不完整，当URL中包含&quot;%action&quot;时，针对特定浏览器类型的修复措施可被绕过，导致攻击者可能向底层shell注入命令。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6019" id="CVE-2026-6019" severity="Moderate" severity_desc="中风险" title="CPython的http.cookies模块中的Morsel.js_output()函数存在跨站脚本漏洞，该漏洞源于函数返回的内联&lt;script&gt;代码片段仅对JavaScript字符串上下文中的双引号进行了转义，但未对HTML解析器敏感的序列&lt;/script&gt;进行有效中和。攻击者可通过特制的Cookie值注入&lt;/script&gt;序列，导致在生成的script元素中提前闭合HTML标签，从而可能引发跨站脚本攻击。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6100" id="CVE-2026-6100" severity="Important" severity_desc="高风险" title="Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。
Python存在安全漏洞，该漏洞源于内存分配失败时重用解压缩实例可能导致释放后重用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="python3" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-3.11.6-29.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-3.11.6-29.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-debug" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-debug-3.11.6-29.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-debug-3.11.6-29.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-devel" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-devel-3.11.6-29.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-devel-3.11.6-29.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-help" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-help-3.11.6-29.p01.ky11.noarch.rpm" version="3.11.6">
					<filename>python3-help-3.11.6-29.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-tkinter" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-tkinter-3.11.6-29.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-tkinter-3.11.6-29.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-unversioned-command" release="29.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-unversioned-command-3.11.6-29.p01.ky11.loongarch64.rpm" version="3.11.6">
					<filename>python3-unversioned-command-3.11.6-29.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1326</id>
		<title>关于 python-ecdsa 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:51:55"/>
		<updated date="2026-05-25 18:46:04"/>
		<severity>Moderate</severity>
		<description>关于 python-ecdsa 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33936" id="CVE-2026-33936" severity="Moderate" severity_desc="中风险" title="Pure-Python ECDSA and ECDH是tlsfuzzer开源的一个纯Python实现的椭圆曲线密码学库。
Pure-Python ECDSA and ECDH 0.19.2之前版本存在安全漏洞，该漏洞源于低级DER解析函数问题，可能导致解析恶意DER私钥时引发意外异常，造成应用程序崩溃和拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="python3-ecdsa" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-ecdsa-0.18.0-2.p01.ky11.noarch.rpm" version="0.18.0">
					<filename>python3-ecdsa-0.18.0-2.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-ecdsa-help" release="2.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-ecdsa-help-0.18.0-2.p01.ky11.noarch.rpm" version="0.18.0">
					<filename>python-ecdsa-help-0.18.0-2.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1331</id>
		<title>关于 python-pygments 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:03"/>
		<updated date="2026-05-25 18:11:03"/>
		<severity>Low</severity>
		<description>关于 python-pygments 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4539" id="CVE-2026-4539" severity="Low" severity_desc="低风险" title="Pygments语法高亮库的`pygments/lexers/archetype.py`文件中的`AdlLexer`函数存在正则表达式拒绝服务漏洞，该漏洞源于该函数使用了低效的正则表达式。攻击者可通过本地访问利用此漏洞发起拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="python3-pygments" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-pygments-2.17.2-2.ky11.noarch.rpm" version="2.17.2">
					<filename>python3-pygments-2.17.2-2.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-pygments-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-pygments-help-2.17.2-2.ky11.noarch.rpm" version="2.17.2">
					<filename>python-pygments-help-2.17.2-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1334</id>
		<title>关于 python-requests 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:05"/>
		<updated date="2026-05-25 18:11:17"/>
		<severity>Moderate</severity>
		<description>关于 python-requests 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25645" id="CVE-2026-25645" severity="Moderate" severity_desc="中风险" title="Requests是Python基金会的一个优雅而简单的HTTP库。通过请求，您可以非常轻松地发送HTTP / 1.1请求。无需将查询字符串手动添加到您的URL，也无需对POST数据进行表单编码。
Requests 2.33.0之前版本存在安全漏洞，该漏洞源于extract_zipped_paths函数使用可预测文件名，可能导致本地攻击者加载恶意文件。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="python3-requests" release="5.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-requests-2.31.0-5.p01.ky11.noarch.rpm" version="2.31.0">
					<filename>python3-requests-2.31.0-5.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python-requests-help" release="5.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python-requests-help-2.31.0-5.p01.ky11.noarch.rpm" version="2.31.0">
					<filename>python-requests-help-2.31.0-5.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1338</id>
		<title>关于 qemu 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:07"/>
		<updated date="2026-06-01 16:28:22"/>
		<severity>Moderate</severity>
		<description>关于 qemu 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-8354" id="CVE-2024-8354" severity="Moderate" severity_desc="中风险" title="QEMU组件存在拒绝服务漏洞，该漏洞源于在hw/net/core.c文件中的usb_ep_get()函数处理USB设备端点获取时发生断言失败。攻击者可利用此漏洞，通过构造恶意的非特权虚拟机操作，使宿主机上的QEMU进程崩溃，从而引发拒绝服务 condition。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-2243" id="CVE-2026-2243" severity="Moderate" severity_desc="中风险" title="QEMU虚拟化软件在处理特制的VMDK镜像时存在越界读取漏洞，攻击者可利用该漏洞泄露最多12字节的敏感信息或引发拒绝服务（DoS）。该漏洞源于产品在读取数据时超出了预期缓冲区的边界，可能造成信息泄露和程序异常终止。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="11" name="qemu" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-curl" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-curl-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-curl-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-iscsi" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-iscsi-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-iscsi-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-rbd" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-rbd-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-rbd-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-block-ssh" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-block-ssh-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-block-ssh-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-guest-agent" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-guest-agent-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-guest-agent-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="11" name="qemu-help" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-help-8.2.0-37.p14.ky11.noarch.rpm" version="8.2.0">
					<filename>qemu-help-8.2.0-37.p14.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-hw-usb-host" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-hw-usb-host-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-hw-usb-host-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-img" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-img-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-img-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-aarch64" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-aarch64-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-aarch64-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-arm" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-arm-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-arm-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-loongarch64" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-loongarch64-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-loongarch64-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-riscv" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-riscv-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-riscv-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="11" name="qemu-system-x86_64" release="37.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qemu-system-x86_64-8.2.0-37.p14.ky11.loongarch64.rpm" version="8.2.0">
					<filename>qemu-system-x86_64-8.2.0-37.p14.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1339</id>
		<title>关于 qt5-qtsvg 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:08"/>
		<updated date="2026-05-25 18:12:00"/>
		<severity>Moderate</severity>
		<description>关于 qt5-qtsvg 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-10729" id="CVE-2025-10729" severity="Moderate" severity_desc="中风险" title="Qt存在安全漏洞，该漏洞源于解析非结构节点子节点的模式节点可能导致释放后重用。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="qt5-qtsvg" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtsvg-5.15.10-1.p01.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-5.15.10-1.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="qt5-qtsvg-devel" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtsvg-devel-5.15.10-1.p01.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-devel-5.15.10-1.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="qt5-qtsvg-examples" release="1.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/qt5-qtsvg-examples-5.15.10-1.p01.ky11.loongarch64.rpm" version="5.15.10">
					<filename>qt5-qtsvg-examples-5.15.10-1.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1347</id>
		<title>关于 sudo 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:16"/>
		<updated date="2026-05-25 18:08:52"/>
		<severity>Important</severity>
		<description>关于 sudo 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35535" id="CVE-2026-35535" severity="Important" severity_desc="高风险" title="Sudo组件在降权运行邮件程序之前，未能正确检查setuid、setgid或setgroups系统调用的返回值。当这些调用失败时，Sudo未将其视为致命错误，导致可能仍然保留了较高的权限。攻击者可利用该漏洞在本地系统上实现权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="sudo" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sudo-1.9.15p5-4.p01.ky11.loongarch64.rpm" version="1.9.15p5">
					<filename>sudo-1.9.15p5-4.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sudo-devel" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sudo-devel-1.9.15p5-4.p01.ky11.loongarch64.rpm" version="1.9.15p5">
					<filename>sudo-devel-1.9.15p5-4.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="sudo-help" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sudo-help-1.9.15p5-4.p01.ky11.noarch.rpm" version="1.9.15p5">
					<filename>sudo-help-1.9.15p5-4.p01.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1349</id>
		<title>关于 texlive-base 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:19"/>
		<updated date="2026-05-25 18:08:17"/>
		<severity>Moderate</severity>
		<description>关于 texlive-base 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2023-32668" id="CVE-2023-32668" severity="Moderate" severity_desc="中风险" title="LuaTeX 存在安全漏洞。在LuaTeX 1.17.0 之前的版本允许使用默认设置编译的文档发出任意网络请求。这是因为默认情况下完全访问 socket 库被许可，正如文档中所述。这也影响到 2023 r66984 版本之前的 TeX Live 和 23.5 版本之前的 MiKTeX。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="9" name="texlive-a2ping" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-a2ping-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-a2ping-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-accfonts" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-accfonts-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-accfonts-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-adhocfilelist" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-adhocfilelist-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-adhocfilelist-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-afm2pl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-afm2pl-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-afm2pl-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-albatross" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-albatross-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-albatross-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-aleph" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-aleph-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-aleph-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-amstex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-amstex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-amstex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-arara" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-arara-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-arara-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-attachfile2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-attachfile2-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-attachfile2-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-authorindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-authorindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-authorindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-autosp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-autosp-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-autosp-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-axodraw2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-axodraw2-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-axodraw2-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-base" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-base-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-base-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bib2gls" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bib2gls-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bib2gls-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bibexport" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bibexport-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bibexport-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-bibtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bibtex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-bibtex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-bibtex8" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bibtex8-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-bibtex8-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-bibtexu" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bibtexu-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-bibtexu-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-bundledoc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-bundledoc-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-bundledoc-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cachepic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cachepic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cachepic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-checkcites" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-checkcites-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-checkcites-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-checklistings" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-checklistings-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-checklistings-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-chklref" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-chklref-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-chklref-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-chktex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-chktex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-chktex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-cjkutils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cjkutils-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-cjkutils-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-clojure-pamphlet" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-clojure-pamphlet-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-clojure-pamphlet-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cluttex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cluttex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cluttex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-context" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-context-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-context-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-context-doc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-context-doc-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-context-doc-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-convbkmk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-convbkmk-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-convbkmk-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-crossrefware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-crossrefware-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-crossrefware-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cslatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cslatex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cslatex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-csplain" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-csplain-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-csplain-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanbib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ctanbib-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanbib-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanify" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ctanify-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanify-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctan-o-mat" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ctan-o-mat-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctan-o-mat-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ctanupload" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ctanupload-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ctanupload-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-ctie" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ctie-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-ctie-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-cweb" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cweb-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-cweb-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-cyrillic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-cyrillic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-cyrillic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-de-macro" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-de-macro-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-de-macro-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-detex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-detex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-detex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-diadia" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-diadia-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-diadia-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dosepsbin" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dosepsbin-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dosepsbin-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dtl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dtl-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dtl-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dtxgen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dtxgen-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dtxgen-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvi2tty" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvi2tty-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvi2tty-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dviasm" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dviasm-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dviasm-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvicopy" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvicopy-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvicopy-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvidvi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvidvi-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvidvi-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-dviinfox" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dviinfox-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-dviinfox-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dviljk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dviljk-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dviljk-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dviout-util" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dviout-util-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dviout-util-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvipdfmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvipdfmx-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvipdfmx-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvipng" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvipng-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvipng-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvipos" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvipos-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvipos-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvips" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvips-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvips-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-dvisvgm" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-dvisvgm-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-dvisvgm-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ebong" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ebong-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ebong-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-eplain" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-eplain-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-eplain-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-epspdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-epspdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-epspdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-epstopdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-epstopdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-epstopdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-exceltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-exceltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-exceltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fig4latex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-fig4latex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fig4latex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-findhyph" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-findhyph-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-findhyph-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fontinst" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-fontinst-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fontinst-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fontools" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-fontools-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fontools-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-fontware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-fontware-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-fontware-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-fragmaster" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-fragmaster-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-fragmaster-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-getmap" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-getmap-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-getmap-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-git-latexdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-git-latexdiff-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-git-latexdiff-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-glossaries" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-glossaries-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-glossaries-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-glyphlist" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-glyphlist-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-glyphlist-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-gregoriotex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-gregoriotex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-gregoriotex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-gsftopk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-gsftopk-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-gsftopk-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-hyperxmp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-hyperxmp-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-hyperxmp-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-installfont" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-installfont-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-installfont-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-jadetex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-jadetex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-jadetex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-jfmutil" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-jfmutil-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-jfmutil-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ketcindy" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ketcindy-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ketcindy-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-kotex-utils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-kotex-utils-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-kotex-utils-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-kpathsea" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-kpathsea-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-kpathsea-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-l3build" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-l3build-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-l3build-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-lacheck" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lacheck-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-lacheck-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex2man" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latex2man-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex2man-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex2nemeth" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latex2nemeth-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex2nemeth-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latexdiff-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexdiff-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexfileversion" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latexfileversion-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexfileversion-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex-git-log" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latex-git-log-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-git-log-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexindent" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latexindent-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexindent-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latexpand" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latexpand-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latexpand-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-latex-papersize" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-latex-papersize-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-latex-papersize-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-lcdftypetools" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lcdftypetools-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-lcdftypetools-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-lib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lib-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-lib-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-lib-devel" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lib-devel-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-lib-devel-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-light-latex-make" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-light-latex-make-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-light-latex-make-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lilyglyphs" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lilyglyphs-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lilyglyphs-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-listbib" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-listbib-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-listbib-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-listings-ext" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-listings-ext-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-listings-ext-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lollipop" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lollipop-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lollipop-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ltxfileinfo" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ltxfileinfo-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ltxfileinfo-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ltximg" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ltximg-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ltximg-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-luahbtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-luahbtex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-luahbtex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-luajittex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-luajittex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-luajittex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-luaotfload" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-luaotfload-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-luaotfload-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-luatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-luatex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-luatex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lwarp" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lwarp-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-lwarp-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-lyluatex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-lyluatex-svn47584-13.ky11.noarch.rpm" version="svn47584">
					<filename>texlive-lyluatex-svn47584-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-make4ht" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-make4ht-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-make4ht-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-makedtx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-makedtx-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-makedtx-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-makeindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-makeindex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-makeindex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-match_parens" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-match_parens-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-match_parens-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mathspic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mathspic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mathspic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-metafont" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-metafont-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-metafont-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-metapost" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-metapost-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-metapost-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mf2pt1" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mf2pt1-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mf2pt1-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-mflua" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mflua-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-mflua-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-mfware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mfware-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-mfware-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkgrkindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mkgrkindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkgrkindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkjobtexmf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mkjobtexmf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkjobtexmf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mkpic" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mkpic-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mkpic-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-mptopdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-mptopdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-mptopdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-m-tx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-m-tx-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-m-tx-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-multibibliography" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-multibibliography-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-multibibliography-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-musixtex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-musixtex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-musixtex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-musixtnt" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-musixtnt-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-musixtnt-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-oberdiek" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-oberdiek-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-oberdiek-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-omegaware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-omegaware-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-omegaware-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-optex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-optex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-optex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-patgen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-patgen-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-patgen-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pax" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pax-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pax-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfbook2" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdfbook2-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfbook2-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfcrop" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdfcrop-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfcrop-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfjam" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdfjam-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfjam-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdflatexpicscale" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdflatexpicscale-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdflatexpicscale-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-pdftex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdftex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-pdftex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdftex-quiet" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdftex-quiet-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdftex-quiet-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-pdftosrc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdftosrc-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-pdftosrc-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pdfxup" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pdfxup-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pdfxup-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pedigree-perl" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pedigree-perl-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pedigree-perl-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-perltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-perltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-perltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-petri-nets" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-petri-nets-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-petri-nets-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pfarrei" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pfarrei-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pfarrei-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pkfix" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pkfix-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pkfix-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pkfix-helper" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pkfix-helper-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pkfix-helper-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-pmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pmx-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-pmx-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pmxchords" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pmxchords-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pmxchords-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-ps2eps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ps2eps-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-ps2eps-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-ps2pk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ps2pk-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-ps2pk-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pst2pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pst2pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pst2pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pst-pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pst-pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pst-pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-ptex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ptex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-ptex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ptex2pdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ptex2pdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ptex2pdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ptex-fontmaps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ptex-fontmaps-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ptex-fontmaps-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-purifyeps" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-purifyeps-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-purifyeps-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pygmentex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pygmentex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pygmentex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-pythontex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-pythontex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-pythontex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-rubik" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-rubik-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-rubik-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-seetexk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-seetexk-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-seetexk-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-spix" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-spix-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-spix-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-splitindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-splitindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-splitindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-srcredact" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-srcredact-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-srcredact-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-sty2dtx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-sty2dtx-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-sty2dtx-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-svn-multi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-svn-multi-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-svn-multi-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-synctex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-synctex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-synctex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-tex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-tex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-tex4ebook" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tex4ebook-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-tex4ebook-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-tex4ht" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tex4ht-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-tex4ht-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texcount" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texcount-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texcount-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdef" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texdef-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdef-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdiff" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texdiff-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdiff-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdirflatten" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texdirflatten-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdirflatten-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdoc" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texdoc-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdoc-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texdoctk" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texdoctk-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texdoctk-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texfot" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texfot-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texfot-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-en" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texlive-en-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-en-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive.infra" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texlive.infra-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive.infra-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texliveonfly" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texliveonfly-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texliveonfly-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-scripts" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texlive-scripts-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-scripts-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texlive-scripts-extra" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texlive-scripts-extra-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texlive-scripts-extra-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texloganalyser" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texloganalyser-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texloganalyser-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texosquery" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texosquery-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texosquery-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texplate" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texplate-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texplate-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-texsis" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texsis-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-texsis-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-texware" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-texware-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-texware-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-thumbpdf" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-thumbpdf-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-thumbpdf-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-tie" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tie-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-tie-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-tikztosvg" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tikztosvg-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-tikztosvg-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-tpic2pdftex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-tpic2pdftex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-tpic2pdftex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-ttfutils" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ttfutils-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-ttfutils-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-typeoutfileinfo" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-typeoutfileinfo-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-typeoutfileinfo-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-ulqda" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-ulqda-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-ulqda-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-uptex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-uptex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-uptex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-urlbst" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-urlbst-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-urlbst-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-velthuis" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-velthuis-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-velthuis-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-vlna" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-vlna-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-vlna-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-vpe" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-vpe-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-vpe-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-web" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-web-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-web-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-webquiz" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-webquiz-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-webquiz-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-wordcount" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-wordcount-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-wordcount-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-xdvi" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xdvi-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-xdvi-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-xetex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xetex-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-xetex-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-xindex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xindex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-xindex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-xml2pmx" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xml2pmx-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-xml2pmx-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-xmltex" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xmltex-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-xmltex-20210325-13.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="9" name="texlive-xpdfopen" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-xpdfopen-20210325-13.ky11.loongarch64.rpm" version="20210325">
					<filename>texlive-xpdfopen-20210325-13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="9" name="texlive-yplan" release="13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/texlive-yplan-20210325-13.ky11.noarch.rpm" version="20210325">
					<filename>texlive-yplan-20210325-13.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1351</id>
		<title>关于 tomcat 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:20"/>
		<updated date="2026-05-25 18:07:51"/>
		<severity>Moderate</severity>
		<description>关于 tomcat 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-66614" id="CVE-2025-66614" severity="Critical" severity_desc="严重风险" title="Apache Tomcat的SNI扩展主机名与HTTP主机头字段校验功能存在输入验证不当漏洞，该漏洞源于Tomcat未验证通过SNI扩展提供的主机名与HTTP主机头字段中提供的主机名是否一致。当Tomcat配置了多个虚拟主机，且其中一台主机的TLS配置未要求客户端证书认证而另一台要求时，攻击者可通过在SNI扩展和HTTP主机头字段中发送不同的主机名，绕过客户端证书认证，导致安全限制被绕过。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24733" id="CVE-2026-24733" severity="Moderate" severity_desc="中风险" title="Apache Tomcat组件存在输入验证不当漏洞。该漏洞源于Tomcat未对HTTP/0.9请求的方法进行限制。当安全策略配置为允许对某URI接受HEAD请求但拒绝GET请求时，攻击者可通过发送一个（不符合规范的）HTTP/0.9 HEAD请求绕过该限制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24734" id="CVE-2026-24734" severity="Important" severity_desc="高风险" title="Apache Tomcat Native及Apache Tomcat的OCSP响应器功能存在输入验证不当漏洞，该漏洞源于在使用OCSP响应器时，Tomcat Native（以及Tomcat中基于FFM移植的Tomcat Native代码）未完成对OCSP响应的验证或新鲜度检查。攻击者可能利用此漏洞绕过证书吊销检查，导致系统安全机制失效。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-24880" id="CVE-2026-24880" severity="Important" severity_desc="高风险" title="Apache Tomcat的HTTP请求处理模块存在HTTP请求走私漏洞，该漏洞源于对无效分块扩展（invalid chunk extension）的HTTP请求解释不一致。攻击者可能利用此漏洞，通过构造特制的HTTP请求，导致请求/响应走私攻击，从而可能绕过安全控制、劫持用户会话或进行其他恶意操作。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-25854" id="CVE-2026-25854" severity="Moderate" severity_desc="中风险" title="Apache Tomcat在LoadBalancerDrainingValve组件中存在开放重定向漏洞，该漏洞源于对URL重定向目标校验不充分，攻击者可构造恶意链接诱导用户访问不可信的第三方网站，从而实施钓鱼攻击或泄露敏感信息。此漏洞影响Apache Tomcat多个版本，包括11.0.0-M1至11.0.18、10.1.0-M1至10.1.52、9.0.0-M23至9.0.115以及8.5.30至8.5.100等版本。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-29129" id="CVE-2026-29129" severity="Important" severity_desc="高风险" title="Apache Tomcat的SSL/TLS配置模块存在加密套件偏好顺序未保留漏洞，该漏洞源于在配置加密套件时未正确保留用户设定的优先级顺序。攻击者可能利用此漏洞，通过降级攻击迫使服务器使用较弱的加密套件，从而导致敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-29145" id="CVE-2026-29145" severity="Critical" severity_desc="严重风险" title="Apache Tomcat及Apache Tomcat Native的CLIENT_CERT认证模块存在认证绕过漏洞，该漏洞源于在禁用软失败（soft fail）的特定场景下，客户端证书认证未能按预期失败。攻击者可能利用此漏洞绕过身份验证机制，导致未授权访问系统资源或获取敏感信息。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-29146" id="CVE-2026-29146" severity="Important" severity_desc="高风险" title="Apache Tomcat的EncryptInterceptor模块存在信息泄露漏洞，该漏洞源于未正确校验加密数据填充的有效性。可能导致攻击者通过构造恶意请求，逐步破解加密数据，最终实现会话劫持或敏感信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34483" id="CVE-2026-34483" severity="Important" severity_desc="高风险" title="Apache Tomcat 的 JsonAccessLogValve 组件存在输出编码或转义不当的安全漏洞。该漏洞源于在生成访问日志时未能正确对输出内容进行编码或转义，导致攻击者可能通过构造特定请求，在日志文件中注入恶意内容，从而获取敏感信息。攻击者可利用此漏洞读取服务器上的敏感数据，造成信息泄露风险。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34487" id="CVE-2026-34487" severity="Important" severity_desc="高风险" title="Apache Tomcat的云集群组件存在敏感信息泄露漏洞，该漏洞源于在记录日志文件时未正确过滤敏感数据，将Kubernetes bearer token暴露在日志中。可能导致攻击者获取Kubernetes集群的认证凭据，进而越权访问集群资源。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-34500" id="CVE-2026-34500" severity="Moderate" severity_desc="中风险" title="Apache Tomcat 11.0.0-M14至11.0.20版本、10.1.22至10.1.53版本和9.0.92至9.0.116版本存在安全漏洞，该漏洞源于当软故障禁用且使用FFM时，CLIENT_CERT身份验证在某些场景下未按预期失败。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41293" id="CVE-2026-41293" severity="Critical" severity_desc="严重风险" title="Apache Tomcat 11.0.0-M1版本至11.0.21版本、10.1.0-M1版本至10.1.54版本、9.0.0.M1版本至9.0.117版本和10.0.0-M1版本至10.0.27版本存在输入验证错误漏洞，该漏洞源于输入验证不当。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43512" id="CVE-2026-43512" severity="Critical" severity_desc="严重风险" title="Apache Tomcat的摘要认证功能存在认证绕过漏洞，该漏洞源于对认证过程的校验逻辑存在缺陷。攻击者无需认证即可利用该漏洞绕过安全限制，可能导致完全控制受影响的系统。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="1" name="tomcat" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/tomcat-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="tomcat-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/tomcat-help-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-help-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="tomcat-jsvc" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/tomcat-jsvc-9.0.118-1.ky11.noarch.rpm" version="9.0.118">
					<filename>tomcat-jsvc-9.0.118-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1352</id>
		<title>关于 uriparser 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:21"/>
		<updated date="2026-05-25 18:07:35"/>
		<severity>Moderate</severity>
		<description>关于 uriparser 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42371" id="CVE-2026-42371" severity="Moderate" severity_desc="中风险" title="在 1.0.1 版本之前的 uriparser 中，文本范围比较存在数值截断问题，如果应用程序接受长度为千兆字节的 URI，则可能导致漏洞。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-44927" id="CVE-2026-44927" severity="Low" severity_desc="低风险" title="uriparser的多个位置存在指针差值截断为int类型的漏洞，该漏洞源于对指针运算结果未进行正确的类型转换或范围检查，可能导致整数截断，进而引发信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-44928" id="CVE-2026-44928" severity="Low" severity_desc="低风险" title="Uriparser是一个用 C89 编写的严格符合 Rfc 3986 的 Uri 解析和处理库。
uriparser 存在安全漏洞，该漏洞源于EqualsUri函数可能错误分类两个不等的URI为相等。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="uriparser" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/uriparser-1.0.1-2.ky11.loongarch64.rpm" version="1.0.1">
					<filename>uriparser-1.0.1-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="uriparser-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/uriparser-devel-1.0.1-2.ky11.loongarch64.rpm" version="1.0.1">
					<filename>uriparser-devel-1.0.1-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="uriparser-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/uriparser-help-1.0.1-2.ky11.noarch.rpm" version="1.0.1">
					<filename>uriparser-help-1.0.1-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1354</id>
		<title>关于 vim 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:22"/>
		<updated date="2026-05-25 18:07:07"/>
		<severity>Moderate</severity>
		<description>关于 vim 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28417" id="CVE-2026-28417" severity="Moderate" severity_desc="中风险" title="Vim的netrw标准插件存在OS命令注入漏洞，该漏洞源于对用户提供的URL（如scp://协议处理器）校验不严。攻击者可通过诱导用户打开特制URL，在Vim进程权限下执行任意Shell命令，可能导致信息泄露或系统部分权限被获取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28418" id="CVE-2026-28418" severity="Moderate" severity_desc="中风险" title="Vim 是一个开源的命令行文本编辑器。在 9.2.0074 版本之前，Vim 的 Emacs 风格 tags 文件解析逻辑中存在基于堆的缓冲区越界读取漏洞。当处理恶意构造的 tags 文件时，Vim 可能会读取超出已分配内存边界最多 7 字节的数据。攻击者可利用该漏洞通过诱使用户打开恶意 tags 文件，从而造成信息泄露或程序崩溃（拒绝服务）。该问题已在版本 9.2.0074 中修复。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28419" id="CVE-2026-28419" severity="Moderate" severity_desc="中风险" title="Vim 9.2.0075之前版本存在安全漏洞，该漏洞源于Emacs风格标签文件解析逻辑存在基于堆的缓冲区下溢，可能导致处理行首包含分隔符的畸形标签文件时读取分配缓冲区之前的内存。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28420" id="CVE-2026-28420" severity="Moderate" severity_desc="中风险" title="Vim 是一个开源的命令行文本编辑器。在 9.2.0076 版本之前，Vim 的终端模拟器在处理来自 Unicode 辅助平面的最大组合字符时，存在堆缓冲区溢出写入和越界读取漏洞。攻击者可利用该漏洞通过构造特殊文件或输入触发内存破坏，可能导致任意代码执行或拒绝服务。升级到版本 9.2.0076 可修复此问题。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28421" id="CVE-2026-28421" severity="Moderate" severity_desc="中风险" title="Vim的交换文件恢复逻辑存在堆缓冲区溢出漏洞，该漏洞源于未正确验证从交换文件中精心构造的指针块中读取的字段。攻击者可通过诱使用户打开特制的交换文件，导致程序发生段错误，从而造成拒绝服务或潜在的信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-28422" id="CVE-2026-28422" severity="Low" severity_desc="低风险" title="Vim 是一个开源的命令行文本编辑器。在版本9.2.0078之前，当在非常宽的终端上渲染包含多字节填充字符的状态行时，函数`build_stl_str_hl()`中会发生栈缓冲区溢出。攻击者可能通过构造特定的终端环境和状态行内容来触发该漏洞，从而可能导致信息泄露或程序崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33412" id="CVE-2026-33412" severity="Important" severity_desc="高风险" title="vim编辑器在处理文件路径时存在命令注入漏洞，该漏洞源于在glob()函数中未正确处理换行符，攻击者可通过构造包含换行符的恶意文件名或路径，在执行文件操作时注入并执行任意系统命令，可能导致远程代码执行或权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-35177" id="CVE-2026-35177" severity="Moderate" severity_desc="中风险" title="Vim的zip.vim插件存在路径遍历漏洞，该漏洞源于对CVE-2025-53906的修复不完善，导致在处理特制的zip压缩包时，攻击者可以绕过路径限制，覆盖任意文件。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39881" id="CVE-2026-39881" severity="Moderate" severity_desc="中风险" title="Vim 是一个开源的命令行文本编辑器。在 9.2.0316 版本之前，Vim 的 netbeans 接口存在命令注入漏洞，恶意的 netbeans 服务器可以通过 defineAnnoType 和 specialKeys 协议消息中的未过滤字符串，在 Vim 连接到该服务器时执行任意 Ex 命令。攻击者可利用此漏洞在目标系统上执行非授权命令，从而可能导致敏感信息泄露或系统被进一步控制。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-41411" id="CVE-2026-41411" severity="Moderate" severity_desc="中风险" title="Vim 是一个开源的命令行文本编辑器。在 9.2.0357 版本之前，Vim 的标签文件处理功能中存在命令注入漏洞。当解析标签时，标签文件中的 filename 字段会经过通配符扩展来解析环境变量和通配符。如果 filename 字段包含反引号语法（例如 `command`），Vim 会通过系统 shell 执行嵌入的命令，并以当前运行用户的完整权限执行该命令。攻击者可利用此漏洞在目标系统上执行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="2" name="vim-common" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-common-9.0.2092-32.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-common-9.0.2092-32.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-enhanced" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-enhanced-9.0.2092-32.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-enhanced-9.0.2092-32.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="2" name="vim-filesystem" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-filesystem-9.0.2092-32.ky11.noarch.rpm" version="9.0.2092">
					<filename>vim-filesystem-9.0.2092-32.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-minimal" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-minimal-9.0.2092-32.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-minimal-9.0.2092-32.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="2" name="vim-X11" release="32.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/vim-X11-9.0.2092-32.ky11.loongarch64.rpm" version="9.0.2092">
					<filename>vim-X11-9.0.2092-32.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1357</id>
		<title>关于 wireshark 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:26"/>
		<updated date="2026-05-25 18:05:38"/>
		<severity>Moderate</severity>
		<description>关于 wireshark 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13946" id="CVE-2025-13946" severity="Moderate" severity_desc="中风险" title="Wireshark 4.6.0版本至4.6.1版本和4.4.0版本至4.4.11版本存在安全漏洞，该漏洞源于MEGACO解析器无限循环，可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-9817" id="CVE-2025-9817" severity="Important" severity_desc="高风险" title="Wireshark 4.4.0至4.4.8版本存在代码问题漏洞，该漏洞源于SSH解析器崩溃，可能导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0959" id="CVE-2026-0959" severity="Moderate" severity_desc="中风险" title="Wireshark的IEEE 802.11协议解析器模块存在拒绝服务漏洞，该漏洞源于程序在解析畸形或特制的IEEE 802.11数据包时未正确处理输入数据导致程序崩溃。可能导致导致应用程序意外终止，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0960" id="CVE-2026-0960" severity="Moderate" severity_desc="中风险" title="Wireshark的HTTP/3协议解析器模块在4.6.0至4.6.2版本中存在拒绝服务漏洞，该漏洞源于程序在处理特制的HTTP/3数据包时逻辑判断失误，进入了无限循环状态。可能导致导致应用程序资源耗尽并停止响应，从而造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-0961" id="CVE-2026-0961" severity="Moderate" severity_desc="中风险" title="Wireshark的BLF文件解析器模块存在拒绝服务漏洞，该漏洞源于程序在解析畸形或特制的BLF格式文件时未正确处理异常输入导致程序崩溃。可能导致导致应用程序意外终止，造成拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-5299" id="CVE-2026-5299" severity="Moderate" severity_desc="中风险" title="Wireshark 4.6.0 到 4.6.4 以及 4.4.0 到 4.4.14 版本中，ICMPv6 PvD 协议解析器存在崩溃漏洞，可能导致拒绝服务攻击。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="wireshark" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/wireshark-4.4.15-1.ky11.loongarch64.rpm" version="4.4.15">
					<filename>wireshark-4.4.15-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="wireshark-devel" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/wireshark-devel-4.4.15-1.ky11.loongarch64.rpm" version="4.4.15">
					<filename>wireshark-devel-4.4.15-1.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="wireshark-help" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/wireshark-help-4.4.15-1.ky11.noarch.rpm" version="4.4.15">
					<filename>wireshark-help-4.4.15-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1358</id>
		<title>关于 xnio 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 12:52:28"/>
		<updated date="2026-05-25 18:13:41"/>
		<severity>Moderate</severity>
		<description>关于 xnio 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2022-0084" id="CVE-2022-0084" severity="Moderate" severity_desc="中风险" title="在XNIO中发现了一个缺陷，特别是在notifyReadClosed方法中。该问题显示此方法正在将消息记录到另一个预期的终端。此漏洞允许攻击者向服务器发送有缺陷的请求，可能导致与日志争用相关的性能问题或不必要的磁盘填充。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="xnio" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/xnio-3.4.0-12.ky11.noarch.rpm" version="3.4.0">
					<filename>xnio-3.4.0-12.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="xnio-help" release="12.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/xnio-help-3.4.0-12.ky11.noarch.rpm" version="3.4.0">
					<filename>xnio-help-3.4.0-12.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1364</id>
		<title>关于 curl 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 18:50:08"/>
		<updated date="2026-06-01 16:29:31"/>
		<severity>Moderate</severity>
		<description>关于 curl 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-1965" id="CVE-2026-1965" severity="Moderate" severity_desc="中风险" title="libcurl的连接复用池在处理Negotiate认证的HTTP或HTTPS请求时存在逻辑错误，导致后续请求可能错误地复用已存在的、使用不同用户凭据进行认证的连接。具体而言，当应用程序先后使用不同凭据（如user1:password1和user2:password2）向同一服务器发起Negotiate认证请求时，若前一个连接仍存活，第二个请求会错误复用该连接，并误以为已使用新凭据完成认证，实际上仍在使用第一个用户的认证状态。该漏洞源于代码中对连接复用条件的校验逻辑缺陷，以及Negotiate协议认证连接而非请求的特性与HTTP设计的不一致。攻击者利用此漏洞可导致应用程序在不知情下使用错误的用户凭据发送请求，造成身份混淆和潜在的越权操作。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3783" id="CVE-2026-3783" severity="Moderate" severity_desc="中风险" title="curl组件在处理使用OAuth2 bearer token进行HTTP(S)传输时存在安全漏洞，当该传输被重定向到第二个URL时，在特定条件下curl可能会将认证令牌泄露给第二个主机名。如果第一次请求重定向的目标主机在.netrc文件中有配置信息（使用`machine`或`default`关键字），curl会将在第一个主机设置的bearer token也传递给第二个主机，从而造成认证凭证的意外泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-3784" id="CVE-2026-3784" severity="Moderate" severity_desc="中风险" title="curl的HTTP代理连接管理功能存在凭证重用漏洞，该漏洞源于curl在复用现有HTTP代理连接（通过CONNECT方法建立）时，未正确校验新请求中使用的HTTP代理凭证是否与原有连接一致。可能导致后续请求错误地复用先前已建立的代理连接，即使新请求使用了不同的代理认证凭据，从而引发信息泄露或权限绕过风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="curl" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/curl-8.4.0-26.p03.ky11.loongarch64.rpm" version="8.4.0">
					<filename>curl-8.4.0-26.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="curl-help" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/curl-help-8.4.0-26.p03.ky11.noarch.rpm" version="8.4.0">
					<filename>curl-help-8.4.0-26.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libcurl" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libcurl-8.4.0-26.p03.ky11.loongarch64.rpm" version="8.4.0">
					<filename>libcurl-8.4.0-26.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libcurl-devel" release="26.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libcurl-devel-8.4.0-26.p03.ky11.loongarch64.rpm" version="8.4.0">
					<filename>libcurl-devel-8.4.0-26.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1381</id>
		<title>关于 libvirt 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 18:50:15"/>
		<updated date="2026-06-01 16:29:57"/>
		<severity>Moderate</severity>
		<description>关于 libvirt 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-12748" id="CVE-2025-12748" severity="Moderate" severity_desc="中风险" title="libvirt是libvirt开源的一个用于实现Linux虚拟化功能的Linux API。它支持各种Hypervisor，包括Xen和KVM，以及QEMU和用于其他操作系统的一些虚拟产品。
libvirt存在安全漏洞，该漏洞源于XML文件处理过程中ACL检查前执行解析，可能导致恶意用户通过特制XML文件使主机内存过度消耗，进而导致拒绝服务。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-13193" id="CVE-2025-13193" severity="Moderate" severity_desc="中风险" title="libvirt 存在信息泄露漏洞。在libvirt中，针对已关闭虚拟机的外部非活动快照被错误地创建为全局可读，使得无特权用户能够检查客户机操作系统的内部内容。这会导致信息泄露漏洞。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libvirt" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-client" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-client-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-client-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-common" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-common-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-common-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-config-network" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-config-network-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-config-network-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-config-nwfilter" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-config-nwfilter-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-config-nwfilter-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-interface" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-interface-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-interface-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-network" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-network-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-network-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-nodedev" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-nodedev-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-nodedev-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-nwfilter" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-nwfilter-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-nwfilter-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-qemu" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-qemu-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-qemu-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-secret" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-secret-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-secret-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-core" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-core-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-core-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-disk" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-disk-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-disk-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-gluster" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-gluster-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-gluster-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-iscsi" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-iscsi-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-iscsi-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-iscsi-direct" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-iscsi-direct-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-iscsi-direct-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-logical" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-logical-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-logical-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-mpath" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-mpath-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-mpath-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-rbd" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-rbd-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-rbd-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-driver-storage-scsi" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-driver-storage-scsi-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-driver-storage-scsi-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-kvm" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-kvm-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-kvm-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-lock" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-lock-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-lock-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-log" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-log-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-log-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-plugin-lockd" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-plugin-lockd-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-plugin-lockd-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-plugin-sanlock" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-plugin-sanlock-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-plugin-sanlock-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-proxy" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-proxy-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-proxy-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-daemon-qemu" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-daemon-qemu-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-daemon-qemu-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-devel" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-devel-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-devel-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-docs" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-docs-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-docs-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-libs" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-libs-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-libs-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-nss" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-nss-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-nss-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libvirt-wireshark" release="16.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libvirt-wireshark-9.10.0-16.p07.ky11.loongarch64.rpm" version="9.10.0">
					<filename>libvirt-wireshark-9.10.0-16.p07.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1388</id>
		<title>关于 libxml2 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 18:50:17"/>
		<updated date="2026-05-25 17:12:33"/>
		<severity>Low</severity>
		<description>关于 libxml2 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-8732" id="CVE-2025-8732" severity="Low" severity_desc="低风险" title="libxml2 库在 2.14.5 及之前版本中的 xmlcatalog 组件存在未控制递归漏洞，具体影响函数 xmlParseSGMLCatalog。攻击者可利用本地权限通过构造恶意的 SGML 目录文件触发该问题，导致拒绝服务（资源耗尽）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libxml2" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libxml2-2.11.9-6.p03.ky11.loongarch64.rpm" version="2.11.9">
					<filename>libxml2-2.11.9-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libxml2-devel" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libxml2-devel-2.11.9-6.p03.ky11.loongarch64.rpm" version="2.11.9">
					<filename>libxml2-devel-2.11.9-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libxml2-help" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libxml2-help-2.11.9-6.p03.ky11.noarch.rpm" version="2.11.9">
					<filename>libxml2-help-2.11.9-6.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libxml2-kycompat" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libxml2-kycompat-2.11.9-6.p03.ky11.loongarch64.rpm" version="2.11.9">
					<filename>libxml2-kycompat-2.11.9-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-libxml2" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-libxml2-2.11.9-6.p03.ky11.loongarch64.rpm" version="2.11.9">
					<filename>python3-libxml2-2.11.9-6.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1389</id>
		<title>关于 libXpm 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-19 18:50:18"/>
		<updated date="2026-05-25 17:12:47"/>
		<severity>Important</severity>
		<description>关于 libXpm 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4367" id="CVE-2026-4367" severity="Important" severity_desc="高风险" title="X.org libXpm库在3.5.4及之前版本中存在安全漏洞，该漏洞源于在处理图像数据时未能正确验证缓冲区边界，导致产品会读取超出预期缓冲区起始或结束位置的数据。攻击者可利用此漏洞读取敏感内存信息，从而对机密性造成影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libXpm" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libXpm-3.5.17-2.ky11.loongarch64.rpm" version="3.5.17">
					<filename>libXpm-3.5.17-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libXpm-devel" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libXpm-devel-3.5.17-2.ky11.loongarch64.rpm" version="3.5.17">
					<filename>libXpm-devel-3.5.17-2.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="libXpm-help" release="2.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libXpm-help-3.5.17-2.ky11.noarch.rpm" version="3.5.17">
					<filename>libXpm-help-3.5.17-2.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1401</id>
		<title>关于 cockpit 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:02"/>
		<updated date="2026-05-25 03:36:45"/>
		<severity>Low</severity>
		<description>关于 cockpit 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4802" id="CVE-2026-4802" severity="Important" severity_desc="高风险" title="Cockpit的系统日志用户界面（UI）存在操作系统命令注入漏洞，该漏洞源于对用户可控参数未进行有效清理。远程攻击者可通过在系统日志UI中构造特制链接，注入shell元字符和命令替换符，从而在受影响系统上执行任意shell命令，可能导致系统完全被攻陷。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0415" id="KVE-2026-0415" severity="Low" severity_desc="低风险" title="Cockpit后端日志功能代码层面存在 Shell 元字符过滤不严的编码缺陷，导致存在命令注入。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="cockpit" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cockpit-309-4.p02.ky11.loongarch64.rpm" version="309">
					<filename>cockpit-309-4.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="cockpit-devel" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cockpit-devel-309-4.p02.ky11.loongarch64.rpm" version="309">
					<filename>cockpit-devel-309-4.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="cockpit-help" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cockpit-help-309-4.p02.ky11.noarch.rpm" version="309">
					<filename>cockpit-help-309-4.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="cockpit-pcp" release="4.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/cockpit-pcp-309-4.p02.ky11.loongarch64.rpm" version="309">
					<filename>cockpit-pcp-309-4.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1408</id>
		<title>关于 kycompatguard 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:05"/>
		<updated date="2026-05-25 03:37:08"/>
		<severity>Moderate</severity>
		<description>关于 kycompatguard 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0411" id="KVE-2026-0411" severity="Moderate" severity_desc="中风险" title="kycompatguard 工具在处理 RPM 文件名时未进行转义，直接拼接到系统命令中执行。攻击者可通过构造包含 Shell 元字符的文件名，诱使管理员或 root 用户使用该工具检查文件，从而以 root 权限执行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kycompatguard" release="4.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kycompatguard-1.0-4.ky11.loongarch64.rpm" version="1.0">
					<filename>kycompatguard-1.0-4.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1412</id>
		<title>关于 kylin-subscription 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:06"/>
		<updated date="2026-05-25 03:36:31"/>
		<severity>Low</severity>
		<description>关于 kylin-subscription 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0417" id="KVE-2026-0417" severity="Low" severity_desc="低风险" title="kylin-subscription组件存在路径穿越漏洞，特殊情况下攻击者可利用此漏洞进行任意文件写操作。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-subscription" release="1.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-subscription-1.0.0-1.p10.ky11.loongarch64.rpm" version="1.0.0">
					<filename>kylin-subscription-1.0.0-1.p10.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-dnf-plugin-kylin-subscription" release="1.p10.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-dnf-plugin-kylin-subscription-1.0.0-1.p10.ky11.loongarch64.rpm" version="1.0.0">
					<filename>python3-dnf-plugin-kylin-subscription-1.0.0-1.p10.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1413</id>
		<title>关于 kylin-user-guide 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:06"/>
		<updated date="2026-05-25 03:36:57"/>
		<severity>Low</severity>
		<description>关于 kylin-user-guide 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0413" id="KVE-2026-0413" severity="Low" severity_desc="低风险" title="kylin-user-guide ghelp: scheme 参数未过滤导致的 JS 注入，进而通过暴露的 bridge.js_executeCommand 实现本地命令执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-user-guide" release="1.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-user-guide-4.10.0.0-1.p13.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>kylin-user-guide-4.10.0.0-1.p13.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kylin-user-guide-common" release="1.p13.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-user-guide-common-4.10.0.0-1.p13.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>kylin-user-guide-common-4.10.0.0-1.p13.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1418</id>
		<title>关于 libkysdk-system 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:10"/>
		<updated date="2026-05-25 03:35:13"/>
		<severity>Important</severity>
		<description>关于 libkysdk-system 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0703" id="KVE-2025-0703" severity="Important" severity_desc="高风险" title="银河麒麟桌面操作系统V10 SP1 libkysdk-system dbus组件getHardSerial函数存在提权漏洞。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0704" id="KVE-2025-0704" severity="Important" severity_desc="高风险" title="libkysdk-system组件getDiskTemperature函数存在提权漏洞" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0705" id="KVE-2025-0705" severity="Important" severity_desc="高风险" title="libkysdk-system 组件在处理磁盘信息获取时，其 getDiskRate 函数存在缺陷。该函数在内部实现中，未对传入的参数进行充分的输入验证和命令参数隔离，直接将其拼接到底层系统命令中执行。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0706" id="KVE-2025-0706" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的changePassword函数存在修改任意用户密码漏洞，可通过该漏洞修改操作系统中用户密码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0707" id="KVE-2025-0707" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的changePassword函数存在注入漏洞，可导致操作系统权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0801" id="KVE-2025-0801" severity="Important" severity_desc="高风险" title="libkysdk-system组件的二进制文件/usr/bin/kySdkDbus中的getHardModel函数存在注入漏洞，可导致操作系统权限提升。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-1001" id="KVE-2025-1001" severity="Important" severity_desc="高风险" title="银河麒麟操作系统系统开发套件组件存在对外部输入校验不严格漏洞，该漏洞源于对外部传入的参数或数据进行校验与过滤的环节存在疏漏，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-259872293" id="KVE-2025-259872293" severity="Important" severity_desc="高风险" title="银河麒麟桌面操作系统V10 SP1 libkysdk-system组件getPrinterDownloadRemoteFile函数存在任意文件写漏洞，可导致普通用户任意写文件风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libkysdk-accounts" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-accounts-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-accounts-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-accounts-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-accounts-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-accounts-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-battery" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-battery-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-battery-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-battery-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-battery-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-battery-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-disk" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-disk-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-disk-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-disk-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-disk-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-disk-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-filesystem" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-filesystem-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-filesystem-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-filesystem-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-filesystem-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-filesystem-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-global" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-global-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-global-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-global-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-global-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-global-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-hardware" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-hardware-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-hardware-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-hardware-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-hardware-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-hardware-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-imageproc" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-imageproc-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-imageproc-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-imageproc-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-imageproc-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-imageproc-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-location" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-location-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-location-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-location-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-location-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-location-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-logrotate" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-logrotate-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-logrotate-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-net" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-net-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-net-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-net-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-net-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-net-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-ocr" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-ocr-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-ocr-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-ocr-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-ocr-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-ocr-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-package" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-package-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-package-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-package-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-package-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-package-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-powermanagement" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-powermanagement-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-powermanagement-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-powermanagement-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-powermanagement-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-powermanagement-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-proc" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-proc-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-proc-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-proc-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-proc-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-proc-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-realtime" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-realtime-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-realtime-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-realtime-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-realtime-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-realtime-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-search" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-search-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-search-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-search-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-search-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-search-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-storage" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-storage-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-storage-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-storage-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-storage-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-storage-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-sysinfo" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-sysinfo-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-sysinfo-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-sysinfo-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-sysinfo-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-sysinfo-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-systemcommon" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-systemcommon-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-systemcommon-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-dbus" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-dbus-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-dbus-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-java" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-java-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-java-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-javascript-http" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-javascript-http-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-javascript-http-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-javascript-websocket" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-javascript-websocket-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-javascript-websocket-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-system-python" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-system-python-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-system-python-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-systime" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-systime-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-systime-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libkysdk-systime-devel" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libkysdk-systime-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm" version="2.5.1.2">
					<filename>libkysdk-systime-devel-2.5.1.2-1.p06.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1420</id>
		<title>关于 security-reinforce 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:12"/>
		<updated date="2026-05-25 03:34:54"/>
		<severity>Moderate</severity>
		<description>关于 security-reinforce 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0409" id="KVE-2026-0409" severity="Moderate" severity_desc="中风险" title="security-reinforce 工具输出报告路径未检查符号链接，当 root 用户执行报告导出功能操作后，低权限用户可将其指向恶意路径。管理员或 root 用户登录时，以 root 权限执行任意命令。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0420" id="KVE-2026-0420" severity="Moderate" severity_desc="中风险" title="security-reinforce组件存在路径穿越漏洞，该漏洞源于模版TEMPLATE_NAME参数因作为文件名传递，拼接跨目录字符可导出到任意路径，最终导致操作系统以当前用户权限执行系统命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="security-reinforce" release="08.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/security-reinforce-3.0.0-08.ky11.loongarch64.rpm" version="3.0.0">
					<filename>security-reinforce-3.0.0-08.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1421</id>
		<title>关于 ukui-bluetooth 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:12"/>
		<updated date="2026-05-25 03:34:42"/>
		<severity>Important</severity>
		<description>关于 ukui-bluetooth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0414" id="KVE-2026-0414" severity="Important" severity_desc="高风险" title="银河麒麟操作系统蓝牙管理组件存在对外部输入校验不严格漏洞，该漏洞源于对外部传入的参数或数据进行校验与过滤的环节存在疏漏，特殊情况下可能对系统整体安全性造成不利影响。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="ukui-bluetooth" release="1.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-bluetooth-4.10.1.0-1.p07.ky11.loongarch64.rpm" version="4.10.1.0">
					<filename>ukui-bluetooth-4.10.1.0-1.p07.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1422</id>
		<title>关于 ukui-session-manager 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:13"/>
		<updated date="2026-05-25 03:34:27"/>
		<severity>Important</severity>
		<description>关于 ukui-session-manager 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0412" id="KVE-2026-0412" severity="Important" severity_desc="高风险" title="UKUI 桌面环境的会话管理组件 ukuismserver 在建立 ICE（Inter-Client Exchange）连接时，对本地连接采用了基于主机名的认证策略（Host-Based Authentication）。该策略将同一主机上的所有本地连接均视为可信连接，无需提供任何认证凭据（如 MIT-MAGIC-COOKIE）即可通过认证。在同一台多用户系统中，低权限本地用户可利用该缺陷，向其他已登录用户的图形会话中的 ukuismserver 注册恶意的 XSMP（X Session Management Protocol）客户端。通过设置客户端的 SmRestartCommand 或 SmDiscardCommand 属性，攻击者能够以受害用户的身份执行任意系统命令，实现本地权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="ukui-session-manager" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-session-manager-4.0.0.0-1.p06.ky11.loongarch64.rpm" version="4.0.0.0">
					<filename>ukui-session-manager-4.0.0.0-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-session-wayland" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-session-wayland-4.0.0.0-1.p06.ky11.loongarch64.rpm" version="4.0.0.0">
					<filename>ukui-session-wayland-4.0.0.0-1.p06.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1423</id>
		<title>关于 ukui-settings-daemon 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-24 13:09:14"/>
		<updated date="2026-05-25 03:34:12"/>
		<severity>Important</severity>
		<description>关于 ukui-settings-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2025-0305" id="KVE-2025-0305" severity="Moderate" severity_desc="中风险" title="ukui-settings-daemon组件readGlobalConfig函数存在任意文件读取漏洞,攻击者通过特制的输入如../符号，跨越当前路径读取普通用户权限不应被访问敏感数据，从而造成信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0508" id="KVE-2026-0508" severity="Important" severity_desc="高风险" title="ukui-settings-daemon组件存在权限提升漏洞，该漏洞源于普通用户可以使用GlobalSignal.updateConfig dbus接口可写入任意文件，最终导致操作系统权限提升。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kylin-display-switch" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kylin-display-switch-4.10.0.0-1.p14.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>kylin-display-switch-4.10.0.0-1.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-settings-daemon" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-settings-daemon-4.10.0.0-1.p14.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-4.10.0.0-1.p14.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-settings-daemon-common" release="1.p14.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-settings-daemon-common-4.10.0.0-1.p14.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-settings-daemon-common-4.10.0.0-1.p14.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1432</id>
		<title>关于 gdb 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:07"/>
		<updated date="2026-06-01 16:33:43"/>
		<severity>Moderate</severity>
		<description>关于 gdb 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11082" id="CVE-2025-11082" severity="Moderate" severity_desc="中风险" title="在 GNU Binutils 2.45 版本的连接器（Linker）组件中发现了一个安全漏洞，该缺陷位于 bfd/elf-eh-frame.c 文件的 _bfd_elf_parse_eh_frame 函数中。该函数负责解析 ELF 文件中的 .eh_frame 节（用于异常处理帧信息）。由于程序在处理畸形的 .eh_frame 数据时未能正确计算或校验缓冲区边界，攻击者可以通过构造特殊的 ELF 二进制文件，诱导连接器在解析时向预分配的堆内存区域写入超出其容量的数据。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11083" id="CVE-2025-11083" severity="Moderate" severity_desc="中风险" title="GNU Binutils链接器组件中的`bfd/elfcode.h`库的`elf_swap_shdr`函数存在堆缓冲区溢出漏洞，该漏洞源于函数在处理数据时未正确执行边界检查。攻击者可利用此漏洞在本地执行恶意代码，可能导致本地权限提升或系统崩溃。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11412" id="CVE-2025-11412" severity="Low" severity_desc="低风险" title="GNU Binutils 2.45版本存在安全漏洞，该漏洞源于对文件bfd/elflink.c中函数bfd_elf_gc_record_vtentry的错误操作，可能导致越界读取。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11494" id="CVE-2025-11494" severity="Moderate" severity_desc="中风险" title="GNU Binutils 2.45版本存在缓冲区错误漏洞，该漏洞源于_bfd_x86_elf_late_size_sections函数存在越界读取，可能导致信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-11840" id="CVE-2025-11840" severity="Low" severity_desc="低风险" title="GNU Binutils的ldmisc.c文件中的vfinfo函数存在越界读取漏洞，该漏洞源于程序未对输入数据进行正确的边界检查。攻击者可利用此漏洞在本地环境中触发越界读取，可能导致应用程序崩溃或信息泄露。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4647" id="CVE-2026-4647" severity="Moderate" severity_desc="中风险" title="GNU Binutils BFD库在处理二进制文件（如目标文件和可执行文件）时存在安全漏洞，该漏洞源于在解析特制的XCOFF目标文件过程中，未对重定位类型值进行充分验证便直接使用，导致程序可能读取超出预期边界的内容。攻击者可利用此漏洞使相关工具崩溃或泄露非预期的内存内容，从而引发拒绝服务或有限的信息泄露风险。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="gdb" release="5.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gdb-14.1-5.p04.ky11.loongarch64.rpm" version="14.1">
					<filename>gdb-14.1-5.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gdb-gdbserver" release="5.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gdb-gdbserver-14.1-5.p04.ky11.loongarch64.rpm" version="14.1">
					<filename>gdb-gdbserver-14.1-5.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="gdb-headless" release="5.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gdb-headless-14.1-5.p04.ky11.loongarch64.rpm" version="14.1">
					<filename>gdb-headless-14.1-5.p04.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="gdb-help" release="5.p04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/gdb-help-14.1-5.p04.ky11.noarch.rpm" version="14.1">
					<filename>gdb-help-14.1-5.p04.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1447</id>
		<title>关于 ksaf-audit-daemon 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:12"/>
		<updated date="2026-06-01 14:16:17"/>
		<severity>Moderate</severity>
		<description>关于 ksaf-audit-daemon 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0424" id="KVE-2026-0424" severity="Moderate" severity_desc="中风险" title="ksaf-audit-daemon组件计netlink消息处理数组越界漏洞。该漏洞源于 ksaf-audit-daemon 在处理通过 Netlink 接收的审计事件消息时，未对用户可控的 perm_class_id 与 perm_id 字段进行有效的边界检查，攻击者即可结合 Netlink 源验证缺失绕过身份验证，向守护进程发送携带超大 perm_class_id或 perm_id的特制消息，直接访问无效内存地址导致守护进程崩溃，从而引发审计功能拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="ksaf-audit-daemon" release="04.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ksaf-audit-daemon-1.0.2-04.ky11.loongarch64.rpm" version="1.0.2">
					<filename>ksaf-audit-daemon-1.0.2-04.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1455</id>
		<title>关于 nginx 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:15"/>
		<updated date="2026-06-01 14:14:30"/>
		<severity>Important</severity>
		<description>关于 nginx 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-32647" id="CVE-2026-32647" severity="Important" severity_desc="高风险" title="F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。
NGINX Open Source和NGINX Plus存在缓冲区错误漏洞，该漏洞源于ngx_http_mp4_module模块存在缓冲区过度读取或写入问题，可能导致NGINX工作进程终止或执行任意代码。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42945" id="CVE-2026-42945" severity="Important" severity_desc="高风险" title="NGINX Plus及NGINX开源版本的ngx_http_rewrite_module模块存在堆缓冲区溢出漏洞，该漏洞源于当rewrite指令后紧跟rewrite、if或set指令，且使用未命名的Perl兼容正则表达式（PCRE）捕获（例如$1、$2）并包含问号（?）的替换字符串时，未正确验证输入长度。未经身份验证的攻击者在满足特定外部条件的情况下，可通过发送特制的HTTP请求利用此漏洞，导致NGINX工作进程发生堆缓冲区溢出并重启；此外，在禁用地址空间布局随机化（ASLR）的系统上，可能实现远程代码执行。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="nginx" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-all-modules" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-all-modules-1.24.0-6.p02.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-all-modules-1.24.0-6.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-filesystem" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-filesystem-1.24.0-6.p02.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-filesystem-1.24.0-6.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-help" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-help-1.24.0-6.p02.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-help-1.24.0-6.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-devel" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-devel-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-devel-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-image-filter" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-image-filter-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-image-filter-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-perl" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-perl-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-perl-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-xslt-filter" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-xslt-filter-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-xslt-filter-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-mail" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-mail-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-mail-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-stream" release="6.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-stream-1.24.0-6.p02.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-stream-1.24.0-6.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1456</id>
		<title>关于 nodejs-brace-expansion 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:16"/>
		<updated date="2026-06-01 14:14:15"/>
		<severity>Moderate</severity>
		<description>关于 nodejs-brace-expansion 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-5889" id="CVE-2025-5889" severity="Low" severity_desc="低风险" title="brace-expansion 1.1.11及之前版本存在安全漏洞，该漏洞源于函数expand存在低效正则表达式复杂性。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-33750" id="CVE-2026-33750" severity="Moderate" severity_desc="中风险" title="brace-expansion是Julian Gruber个人开发者的一个JavaScript中的Brace扩展。
brace-expansion 5.0.5之前版本、3.0.2之前版本、2.0.3之前版本和1.1.13之前版本存在资源管理错误漏洞，该漏洞源于步长值为零的括号模式导致序列生成循环无限运行，可能导致拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="nodejs-brace-expansion" release="5.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nodejs-brace-expansion-1.1.11-5.ky11.noarch.rpm" version="1.1.11">
					<filename>nodejs-brace-expansion-1.1.11-5.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1461</id>
		<title>关于 polkit 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:18"/>
		<updated date="2026-06-01 16:35:38"/>
		<severity>Moderate</severity>
		<description>关于 polkit 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4897" id="CVE-2026-4897" severity="Moderate" severity_desc="中风险" title="polkit组件存在资源分配无限制漏洞，该漏洞源于其`polkit-agent-helper-1` setuid二进制程序在处理通过标准输入（stdin）传入的用户输入时，未对输入长度进行有效限制。攻击者可利用此缺陷，通过提供超长的恶意输入数据，触发系统内存耗尽（OOM），从而导致系统拒绝服务（DoS）。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="polkit" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/polkit-123-4.p01.ky11.loongarch64.rpm" version="123">
					<filename>polkit-123-4.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="polkit-devel" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/polkit-devel-123-4.p01.ky11.loongarch64.rpm" version="123">
					<filename>polkit-devel-123-4.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="polkit-help" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/polkit-help-123-4.p01.ky11.noarch.rpm" version="123">
					<filename>polkit-help-123-4.p01.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="polkit-libs" release="4.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/polkit-libs-123-4.p01.ky11.loongarch64.rpm" version="123">
					<filename>polkit-libs-123-4.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1466</id>
		<title>关于 skopeo 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:20"/>
		<updated date="2026-06-01 16:36:09"/>
		<severity>Moderate</severity>
		<description>关于 skopeo 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2024-9676" id="CVE-2024-9676" severity="Moderate" severity_desc="中风险" title="Podman存在路径遍历漏洞，该漏洞源于当运行使用自动分配用户命名空间（--userns=auto）的恶意镜像时，攻击者可通过构造符号链接覆盖容器内的 /etc/passwd 文件，导致库读取主机上的任意文件。成功利用可导致拒绝服务（OOM 杀进程）或潜在的主机文件读取。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="skopeo" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/skopeo-1.14.2-6.p01.ky11.loongarch64.rpm" version="1.14.2">
					<filename>skopeo-1.14.2-6.p01.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="skopeo-tests" release="6.p01.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/skopeo-tests-1.14.2-6.p01.ky11.loongarch64.rpm" version="1.14.2">
					<filename>skopeo-tests-1.14.2-6.p01.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1467</id>
		<title>关于 sssd 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 10:43:20"/>
		<updated date="2026-06-01 16:36:22"/>
		<severity>Moderate</severity>
		<description>关于 sssd 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-6245" id="CVE-2026-6245" severity="Moderate" severity_desc="中风险" title="Red Hat System Security Services Daemon是美国红帽（Red Hat）公司的一个Linux中的守护进程组件。
Red Hat System Security Services Daemon存在安全漏洞，该漏洞源于pam_passkey_child_read_data函数未正确处理管道原始字节，可能导致本地攻击者通过特制请求触发越界读取，造成拒绝服务。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libipa_hbac" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libipa_hbac-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libipa_hbac-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libipa_hbac-devel" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libipa_hbac-devel-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libipa_hbac-devel-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_autofs" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_autofs-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_autofs-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_certmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_certmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_certmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_certmap-devel" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_certmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_certmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_idmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_idmap-devel" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_idmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_idmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_nss_idmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_nss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_nss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_nss_idmap-devel" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_nss_idmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_nss_idmap-devel-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsss_sudo" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsss_sudo-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>libsss_sudo-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-libipa_hbac" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-libipa_hbac-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>python3-libipa_hbac-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-libsss_nss_idmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-libsss_nss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>python3-libsss_nss_idmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-sss" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-sss-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>python3-sss-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="python3-sssdconfig" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-sssdconfig-2.9.4-11.p03.ky11.noarch.rpm" version="2.9.4">
					<filename>python3-sssdconfig-2.9.4-11.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-sss-murmur" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-sss-murmur-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>python3-sss-murmur-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-ad" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-ad-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-ad-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-client" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-client-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-client-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-common" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-common-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-common-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-common-pac" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-common-pac-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-common-pac-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-dbus" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-dbus-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-dbus-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="sssd-help" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-help-2.9.4-11.p03.ky11.noarch.rpm" version="2.9.4">
					<filename>sssd-help-2.9.4-11.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-idp" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-idp-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-idp-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-ipa" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-ipa-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-ipa-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-kcm" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-kcm-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-kcm-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-krb5" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-krb5-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-krb5-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-krb5-common" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-krb5-common-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-krb5-common-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-ldap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-ldap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-ldap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-nfs-idmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-nfs-idmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-nfs-idmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-proxy" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-proxy-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-proxy-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-tools" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-tools-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-tools-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="sssd-winbind-idmap" release="11.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/sssd-winbind-idmap-2.9.4-11.p03.ky11.loongarch64.rpm" version="2.9.4">
					<filename>sssd-winbind-idmap-2.9.4-11.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1492</id>
		<title>关于 autogen 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 18:50:09"/>
		<updated date="2026-06-01 16:50:16"/>
		<severity>Moderate</severity>
		<description>关于 autogen 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-8746" id="CVE-2025-8746" severity="Low" severity_desc="低风险" title="GNU libopts库的__strstr_sse2函数存在内存破坏漏洞，该漏洞源于对内存操作处理不当，可能导致内存损坏。攻击者需要本地访问权限才能利用此漏洞。该漏洞仅影响厂商不再支持的产品版本。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="autogen" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/autogen-5.18.16-6.ky11.loongarch64.rpm" version="5.18.16">
					<filename>autogen-5.18.16-6.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="autogen-devel" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/autogen-devel-5.18.16-6.ky11.loongarch64.rpm" version="5.18.16">
					<filename>autogen-devel-5.18.16-6.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="autogen-help" release="6.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/autogen-help-5.18.16-6.ky11.noarch.rpm" version="5.18.16">
					<filename>autogen-help-5.18.16-6.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1548</id>
		<title>关于 python-nbconvert 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 18:51:10"/>
		<updated date="2026-06-01 16:52:47"/>
		<severity>Moderate</severity>
		<description>关于 python-nbconvert 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39377" id="CVE-2026-39377" severity="Moderate" severity_desc="中风险" title="Jupyter nbconvert的ExtractAttachmentsPreprocessor模块存在路径遍历漏洞，该漏洞源于在处理包含恶意构造的单元格附件文件名的Jupyter笔记本时，未对附件文件名进行充分净化，直接将文件名传递给文件系统。可能导致攻击者将文件写入到预期输出目录之外的任意位置，并完全控制目标路径和文件扩展名。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-39378" id="CVE-2026-39378" severity="Moderate" severity_desc="中风险" title="nbconvert的Markdown渲染器存在路径遍历漏洞，该漏洞源于当`HTMLExporter.embed_images=True`时，程序未对图像引用中的路径进行充分校验。攻击者可通过恶意Notebook文件利用路径遍历读取转换主机上的任意敏感文件，并将其以base64数据URI的形式嵌入到输出的HTML中，从而导致信息泄露。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="noarch" epoch="0" name="python3-nbconvert" release="1.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-nbconvert-7.17.1-1.ky11.noarch.rpm" version="7.17.1">
					<filename>python3-nbconvert-7.17.1-1.ky11.noarch.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1558</id>
		<title>关于 systemd 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 18:51:15"/>
		<updated date="2026-06-01 16:55:34"/>
		<severity>Moderate</severity>
		<description>关于 systemd 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-29111" id="CVE-2026-29111" severity="Moderate" severity_desc="中风险" title="systemd v239版本至v259.2及之前版本存在安全漏洞，该漏洞源于未授权IPC API调用处理不当，可能导致断言失败、执行冻结或栈覆盖。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40226" id="CVE-2026-40226" severity="Moderate" severity_desc="中风险" title="systemd的nspawn组件存在容器逃逸漏洞，该漏洞源于对可选配置文件处理不当，攻击者可通过构造恶意的配置文件，在特定条件下实现从容器逃逸至宿主机，从而获取宿主机的高权限访问能力。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-4105" id="CVE-2026-4105" severity="Moderate" severity_desc="中风险" title="Red Hat Enterprise Linux是美国红帽（Red Hat）公司的面向企业用户的Linux操作系统。
Red Hat Enterprise Linux 10存在访问控制错误漏洞，该漏洞源于访问控制不当，可能导致执行任意命令。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="systemd" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-container" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-container-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-container-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-cryptsetup" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-cryptsetup-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-cryptsetup-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-devel" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-devel-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-devel-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="systemd-help" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-help-255-44.p07.ky11.noarch.rpm" version="255">
					<filename>systemd-help-255-44.p07.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-libs" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-libs-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-libs-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-networkd" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-networkd-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-networkd-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-nspawn" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-nspawn-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-nspawn-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-oomd" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-oomd-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-oomd-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-pam" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-pam-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-pam-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-resolved" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-resolved-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-resolved-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-sysprocess-manage" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-sysprocess-manage-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-sysprocess-manage-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-timesyncd" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-timesyncd-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-timesyncd-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="systemd-udev" release="44.p07.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/systemd-udev-255-44.p07.ky11.loongarch64.rpm" version="255">
					<filename>systemd-udev-255-44.p07.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1560</id>
		<title>关于 util-linux 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-26 18:51:17"/>
		<updated date="2026-06-01 16:58:39"/>
		<severity>Moderate</severity>
		<description>关于 util-linux 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-27456" id="CVE-2026-27456" severity="Moderate" severity_desc="中风险" title="util-linux是util-linux开源的一个软件包。util-linux 存在安全漏洞，该漏洞源于SUID二进制文件mount存在TOCTOU竞争条件，可能导致未经授权的文件访问。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libblkid" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libblkid-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>libblkid-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libfdisk" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libfdisk-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>libfdisk-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libmount" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libmount-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>libmount-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libsmartcols" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libsmartcols-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>libsmartcols-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="libuuid" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libuuid-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>libuuid-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-libmount" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-libmount-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>python3-libmount-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="util-linux" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/util-linux-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>util-linux-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="util-linux-devel" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/util-linux-devel-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>util-linux-devel-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="util-linux-help" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/util-linux-help-2.39.1-35.p02.ky11.noarch.rpm" version="2.39.1">
					<filename>util-linux-help-2.39.1-35.p02.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="util-linux-user" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/util-linux-user-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>util-linux-user-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="uuidd" release="35.p02.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/uuidd-2.39.1-35.p02.ky11.loongarch64.rpm" version="2.39.1">
					<filename>uuidd-2.39.1-35.p02.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202605-1568</id>
		<title>关于 nginx 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-05-29 20:02:29"/>
		<updated date="2026-05-29 20:40:38"/>
		<severity>Important</severity>
		<description>关于 nginx 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-40701" id="CVE-2026-40701" severity="Moderate" severity_desc="中风险" title="F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。
F5 NGINX Plus和F5 NGINX Open Source存在资源管理错误漏洞，该漏洞源于ngx_http_ssl_module模块中ssl_verify_client指令设置为on或optional且ssl_ocsp指令设置为on或leaf参数配置了解析器时，未经身份验证的攻击者可以发送请求，导致NGINX工作进程中发生堆释放后重用错误，可能导致数据有限修改或NGINX工作进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42934" id="CVE-2026-42934" severity="Moderate" severity_desc="中风险" title="NGINX Plus和NGINX开源版本的ngx_http_charset_module模块存在堆缓冲区越界读取漏洞，该漏洞源于在配置了charset、source_charset、charset_map指令以及禁用缓冲（“off”）的proxy_pass指令时，未经身份验证的攻击者可在超出其控制范围的条件下发送特定请求，导致NGINX工作进程发生堆缓冲区越界读取，进而可能造成有限的内存信息泄露或进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-42946" id="CVE-2026-42946" severity="Moderate" severity_desc="中风险" title="NGINX的ngx_http_scgi_module和ngx_http_uwsgi_module模块存在内存分配不当漏洞，该源于对上游服务器响应数据的长度校验不严格，当配置了scgi_pass或uwsgi_pass指令时，具备中间人攻击能力的未认证攻击者通过控制上游服务器的响应，可能导致NGINX工作进程过度分配内存或发生越界读取，进而泄露工作进程内存信息或导致进程重启。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-9256" id="CVE-2026-9256" severity="Important" severity_desc="高风险" title="NGINX存在缓冲区溢出漏洞，该漏洞源于ngx_http_rewrite_module模块中重写指令使用具有重叠PCRE捕获的正则表达式模式时，可能导致堆缓冲区溢出，造成工作进程重启，并在ASLR禁用或可绕过时执行代码。以下版本受到影响：NGINX Plus和NGINX Open Source。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="1" name="nginx" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-all-modules" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-all-modules-1.24.0-6.p03.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-all-modules-1.24.0-6.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-filesystem" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-filesystem-1.24.0-6.p03.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-filesystem-1.24.0-6.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="noarch" epoch="1" name="nginx-help" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-help-1.24.0-6.p03.ky11.noarch.rpm" version="1.24.0">
					<filename>nginx-help-1.24.0-6.p03.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-devel" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-devel-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-devel-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-image-filter" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-image-filter-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-image-filter-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-perl" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-perl-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-perl-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-http-xslt-filter" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-http-xslt-filter-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-http-xslt-filter-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-mail" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-mail-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-mail-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="1" name="nginx-mod-stream" release="6.p03.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/nginx-mod-stream-1.24.0-6.p03.ky11.loongarch64.rpm" version="1.24.0">
					<filename>nginx-mod-stream-1.24.0-6.p03.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1089</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-06-03 11:06:58"/>
		<updated date="2026-06-04 10:58:06"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-43494" id="CVE-2026-43494" severity="Important" severity_desc="高风险" title="Linux Kernel PinTheft 本地权限提升漏洞，该漏洞源于rdsmessagezcopyfromuser()函数处理不当,导致页面引用计数异常。本地低权限攻击者可利用此漏洞窃取引用计数,进而覆写suid-root二进制程序的页缓存以植入恶意载荷,实现权限提升至root。" type="cve"/>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46243" id="CVE-2026-46243" severity="Important" severity_desc="高风险" title="Linux Kernel的SMB客户端模块在处理cifs.spnego密钥描述时存在输入验证漏洞，该漏洞源于未正确校验cifs.spnego密钥描述中由用户空间提供的权限相关字段（如pid、uid、creduid和upcall_target），导致攻击者可通过request_key(2)或add_key(2)系统调用创建恶意密钥，从而可能实现权限提升、信息泄露或系统崩溃。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="bpftool" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/bpftool-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>bpftool-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-abi-stablelists-6.6.0-40.11.v2601.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-40.11.v2601.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-core" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-core-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-cross-headers" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-cross-headers-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-devel" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-devel-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-devel-matched" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-devel-matched-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-doc-6.6.0-40.11.v2601.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-40.11.v2601.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-headers" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-headers-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules-extra" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-extra-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules-internal" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-internal-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-selftests-internal" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-selftests-internal-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools-libs" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-libs-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools-libs-devel" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-libs-devel-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="perf" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/perf-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-perf" release="40.11.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-perf-6.6.0-40.11.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-40.11.v2601.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1166</id>
		<title>关于 ukui-biometric-auth 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-06-04 11:26:18"/>
		<updated date="2026-06-04 15:43:38"/>
		<severity>Important</severity>
		<description>关于 ukui-biometric-auth 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=KVE-2026-0416" id="KVE-2026-0416" severity="Important" severity_desc="高风险" title="ukui-biometric-auth组件存在越权覆盖文件漏洞， setDefaultDevice 函数写入用户配置时缺少对符号链接的安全校验，导致攻击者可将恶意命令重定向写入到系统任意文件，从而实现提权操作。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="libpam-biometric" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/libpam-biometric-4.10.0.0-1.p06.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>libpam-biometric-4.10.0.0-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-biometric-auth" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-biometric-auth-4.10.0.0-1.p06.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-biometric-auth-4.10.0.0-1.p06.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="ukui-polkit" release="1.p06.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/ukui-polkit-4.10.0.0-1.p06.ky11.loongarch64.rpm" version="4.10.0.0">
					<filename>ukui-polkit-4.10.0.0-1.p06.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
	<update from="cve_manager@kylinos.cn" status="stable" type="security" version="">
		<id>KYSA-202606-1387</id>
		<title>关于 kernel 的补丁包公告</title>
		<release>Kylin Linux Advanced Server release V11 SP1(swan26)</release>
		<issued date="2026-06-22 11:19:41"/>
		<updated date="2026-06-22 11:31:23"/>
		<severity>Important</severity>
		<description>关于 kernel 的软件包现在已有更新补丁提供。
您可在CVE详情页查看各个CVE的详细信息与补丁包下载链接。
</description>
		<references>
			<reference href="https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2026-46331" id="CVE-2026-46331" severity="Important" severity_desc="高风险" title="Linux 内核网络调度（net/sched）子系统中 act_pedit 动作模块的一个内存损坏类漏洞，可被无特权本地用户利用实现 root 提权。" type="cve"/>
		</references>
		<pkglist>
			<collection short="Kylin Linux Advanced Server release V11 SP1(swan26)">
				<name>银河麒麟高级服务器操作系统 V11 SP1</name>
				<package arch="loongarch64" epoch="0" name="kernel" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-abi-stablelists" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-abi-stablelists-6.6.0-40.12.v2601.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-abi-stablelists-6.6.0-40.12.v2601.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-core" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-core-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-core-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-cross-headers" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-cross-headers-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-cross-headers-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-devel" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-devel-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-devel-matched" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-devel-matched-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-devel-matched-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="noarch" epoch="0" name="kernel-doc" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-doc-6.6.0-40.12.v2601.ky11.noarch.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-doc-6.6.0-40.12.v2601.ky11.noarch.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-headers" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-headers-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-headers-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules-extra" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-extra-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-extra-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-modules-internal" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-modules-internal-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-modules-internal-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-selftests-internal" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-selftests-internal-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-selftests-internal-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools-libs" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-libs-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="kernel-tools-libs-devel" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/kernel-tools-libs-devel-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>kernel-tools-libs-devel-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="perf" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/perf-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>perf-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
				<package arch="loongarch64" epoch="0" name="python3-perf" release="40.12.v2601.ky11" src="https://update.cs2c.com.cn/NS/V11/V11SP1-2603/os/adv/lic/updates/loongarch64/Packages/python3-perf-6.6.0-40.12.v2601.ky11.loongarch64.rpm" version="6.6.0">
					<reboot_suggested>True</reboot_suggested>
					<filename>python3-perf-6.6.0-40.12.v2601.ky11.loongarch64.rpm</filename>
				</package>
			</collection>
		</pkglist>
	</update>
</updates>
