Security vulnerabilities



openKylin 安全漏洞补丁公告。


Security vulnerability patch.



openKylin 安全漏洞補丁公告。

Bulletin ID ( OKSA-202301-0001 )

2023-01-16 17:58:54
Description :There is a privilege escalation vulnerability in the policykit-1 component
Security Level :Critical
Affected versions :openKylin-0.7, openKylin0.7.5
Affected components :policykit-1 <= 0.105-ok2
Status :fixed


Detailed introduction


1. Fixed security vulnerabilities


Description: policykit-1 is a system service installed by default on openKylin. This vulnerability enables an unprivileged local user to gain root privileges on the system.

2. Affected software packages

policykit-1 <= 0.105-ok2

3. Software package repair version

policykit-1 >= 0.105-ok3

4. Repair method

Method 1: Configure the openKylin software source (mirroring the source configured by default)

deb yangtze main cross pty

deb yangtze-security main cross pty

deb yangtze-updates main cross pty

After the configuration is complete, execute the command to update the software package:

sudo apt update

sudo apt install policykit-1

Method 2: Download the software package from the software package download address and install it

sudo dpkg -i policykit-1_0.105-ok3_amd64.deb

5. Software package download address

6. Repair verification

Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.

dpkg -l policykit-1