Security vulnerabilities



openKylin 安全漏洞补丁公告。


Security vulnerability patch.



openKylin 安全漏洞補丁公告。

Bulletin ID ( OKSA-202211-0001 )

2022-11-17 17:58:54
Description :There is a command execution vulnerability in kylin-ipmsg
Security Level :Critical
Affected versions :openKylin-0.7, openKylin-0.7.5, openKylin-0.9
Affected components :kylin-ipmsg <=
Status :Fixed


Detailed introduction


1. Fixed security vulnerabilities


Description: Since the kylin-ipmsg (Kylin Chuanshu) application does not restrict the special file transfer process when sending and receiving files in the LAN, the attacker can carefully plan the data packet to be sent to the victim to obtain the shell permission of the target host, and even root permission.

2. Affected software packages

kylin-ipmsg <=

3. Software package repair version

kylin-ipmsg >=

4. Repair method

Method 1: Configure the openKylin software source (mirroring the source configured by default)

deb yangtze main cross pty

deb yangtze-security main cross pty

deb yangtze-updates main cross pty

After the configuration is complete, execute the command to update the software package:

sudo apt update

sudo apt install kylin-ipmsg

Method 2: Download the software package from the software package download address and install it

sudo dpkg -i kylin-ipmsg_1.3.1.2-ok5~1021.3_amd64.deb

5. Software package download address

6. Repair verification

Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.

dpkg -l kylin-ipmsg