詳細介紹
1. 修復的CVE
CVE-2021-33910
systemd是德國Lennart Poettering個人開發者的一款基于Linux的系統和服務管理器。該產品兼容了SysV和LSB的啟動腳本,且提供了一個用來表示系統服務間依賴關系的框架。systemd 220到248版本存在安全漏洞,該漏洞源于basic/unit-name.c 的內存分配具有過大的大小值。本地攻擊者可利用該漏洞將文件系統掛載在很長的路徑上,通過在堆棧中分配很大的空間使systemd和整個系統崩潰。
CVE-2020-13529
systemd是德國Lennart Poettering個人開發者的一款基于Linux的系統和服務管理器。該產品兼容了SysV和LSB的啟動腳本,且提供了一個用來表示系統服務間依賴關系的框架。systemd 存在安全漏洞,該漏洞源于在處理DHCP ACK數據包時使用了可預測的事務標識符。以下產品及版本受到影響:216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 241 rc1, 241 rc2, 242, 242 rc1, 242 rc2, 242 rc3, 242 rc4, 243, 243 rc1, 243 rc2, 243.1, 243.2, 243.3, 243.4, 243.6, 243.7, 243.8, 243.9, 244, 244 rc1, 244.1, 244.2, 244.3, 244.4, 244.5, 245, 245 rc1, 245.1, 245.2, 245.3, 245.4, 245.5, 245.6, 245.7, 245.8, 245.9, 246, 246.1, 246.2, 246.3, 246.4, 246.5, 246.6, 246.7, 246.8, 246.9, 246.10, 246.11, 246.12, 246.13, 247, 247.1, 247.2, 247.3, 247.4, 247.5, 247.6。
2. 受影響的操作系統及軟件包
·銀河麒麟桌面操作系統V10 SP1
libnss-myhostname
libnss-mymachines
libnss-resolve
libnss-systemd
libpam-systemd
libsystemd-dev
libsystemd0
libudev-dev
libudev1
systemd
systemd-container
systemd-coredump
systemd-journal-remote
systemd-sysv
systemd-tests
systemd-timesyncd
udev
3. 軟件包修復版本
軟件包:systemd
245.4-4kylin3.11k14(V10 SP1)
4. 修復方法
方法一:配置源進行升級安裝
打開軟件包源配置文件,根據倉庫地址進行修改。
4.0.2-sp1:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse
4.0.2-sp2:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse
4.0.2-sp3:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse
4.0.2-sp4:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse
10.0:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.0 main restricted universe multiverse
10.0 SP1:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.1 main restricted universe multiverse
配置完成后執行更新命令進行升級
$sudo apt update
方法二:下載安裝包進行升級安裝
通過軟件包地址下載軟件包,使用軟件包升級命令根據受影響的組件包列表 升級相關的組件包。
#dpkg -i Packagelists
5. 軟件包下載地址
銀河麒麟操作系統桌面版V10 SP1
X86_64軟件包下載地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-myhostname_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-mymachines_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-resolve_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-systemd_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libpam-systemd_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd-dev_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd0_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev-dev_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev1_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-container_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-coredump_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-journal-remote_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-sysv_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-tests_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-timesyncd_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd_245.4-4kylin3.11k14_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/udev_245.4-4kylin3.11k14_amd64.deb
arm64軟件包下載地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-myhostname_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-mymachines_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-resolve_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-systemd_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libpam-systemd_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd-dev_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd0_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev-dev_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev1_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-container_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-coredump_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-journal-remote_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-sysv_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-tests_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-timesyncd_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd_245.4-4kylin3.11k14_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/udev_245.4-4kylin3.11k14_arm64.deb
mips64el軟件包下載地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-myhostname_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-mymachines_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-resolve_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libnss-systemd_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libpam-systemd_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd-dev_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libsystemd0_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev-dev_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/libudev1_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-container_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-coredump_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-journal-remote_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-sysv_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-tests_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd-timesyncd_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/systemd_245.4-4kylin3.11k14_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/systemd/udev_245.4-4kylin3.11k14_mips64el.deb
6. 修復驗證
使用軟件包查詢命令,查看相關的軟件包版本大于或等于修復版本則成功修復。
$sudo dpkg -l |grep Package
注:Package為軟件包包名。