1. Fixed security vulnerabilities
KVE-2022-1002
Description: Because the kylin-ipmsg (Kylin Chuanshu) application does not restrict the special file transfer process when sending and receiving files on the LAN, an attacker can send the victim a carefully crafted data packet to obtain shell permission on the target host, and even root permission.
2. Affected software packages
kylin-ipmsg <= 1.3.1.2-ok2
3. Software package repair version
kylin-ipmsg >= 1.3.1.2-ok5~1021.3
4. Repair method
Method 1: Configure the openKylin software source (mirroring the source configured by default)
deb http://archive.build.openkylin.top/openkylin/ yangtze main cross pty
deb http://archive.build.openkylin.top/openkylin/ yangtze-security main cross pty
deb http://archive.build.openkylin.top/openkylin/ yangtze-updates main cross pty
After the configuration is complete, execute the command to update the software package:
sudo apt update
sudo apt install kylin-ipmsg
Method 2: Download the software package from the software package download address and install it
sudo dpkg -i kylin-ipmsg_1.3.1.2-ok5~1021.3_amd64.deb
5. Software package download address
6. Repair verification
Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.
dpkg -l kylin-ipmsg