1. Fixed security vulnerabilities
KVE-2021-0707
Description: The org.ukui.groupmanager.addUserToGroup interface provided by the ukui-control-center component does not restrict interface calls, which leads to adding any user to any user group, thereby enhancing user rights.
2. Affected software packages
ukui-control-center <= 3.20.0.2022.0601-ok3-0823
3. Software package repair version
ukui-control-center >= 3.20.0.2022.0601-ok3-0927
4. Repair method
Method 1: Configure the openKylin software source (mirroring the source configured by default)
deb http://archive.build.openkylin.top/openkylin/ yangtze main cross pty
deb http://archive.build.openkylin.top/openkylin/ yangtze-security main cross pty
deb http://archive.build.openkylin.top/openkylin/ yangtze-updates main cross pty
After the configuration is complete, execute the command to update the software package:
sudo apt update
sudo apt install ukui-control-center
Method 2: Download the software package from the software package download address and install it
sudo dpkg -i ukui-control-center_3.20.0.2022.0601-ok3~0927_amd64.deb
5. Software package download address
6. Repair verification
Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.
dpkg -l ukui-control-center