Security vulnerabilities

openKylin security vulnerability patch announcement.

Bulletin ID: OKSA-202209-0001

2022-09-28 17:58:54
Description: Local privilege escalation vulnerability in ukui-control-center component
Security Level: Important
Affected versions: openKylin-0.7, openKylin-0.7.5
Affected components: ukui-control-center <= 3.20.0.2022.0601-ok3-0823
Status: Fixed

Detailed introduction

詳細介紹

1. Fixed security vulnerabilities

KVE-2021-0707

Description: The org.ukui.groupmanager.addUserToGroup interface provided by the ukui-control-center component does not restrict who may call it, so any user can be added to any user group, which escalates that user's privileges.


2. Affected software packages

ukui-control-center <= 3.20.0.2022.0601-ok3-0823


3. Fixed software package version

ukui-control-center >= 3.20.0.2022.0601-ok3-0927


4. Repair method

Method 1: Configure the openKylin software source (mirroring the source configured by default)

deb http://archive.build.openkylin.top/openkylin/ yangtze main cross pty

deb http://archive.build.openkylin.top/openkylin/ yangtze-security main cross pty

deb http://archive.build.openkylin.top/openkylin/ yangtze-updates main cross pty

After the configuration is complete, execute the command to update the software package:

sudo apt update

sudo apt install ukui-control-center

Method 2: Download the software package from the software package download address and install it

sudo dpkg -i ukui-control-center_3.20.0.2022.0601-ok3~0927_amd64.deb


5. Software package download address

http://archive.build.openkylin.top/openkylin/pool/main/u/ukui-control-center/ukui-control-center_3.20.0.2022.0601-ok3~0927_amd64.deb


6. Repair verification

Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.

dpkg -l ukui-control-center