CVE-2019-12761
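PyXDG is a Python library for accessing freedesktop.org standards.
PyXDG versions before 0.26 contain a code injection vulnerability. The vulnerability arises because the network system or product does not properly filter special elements when constructing code segments from external input. An attacker can exploit this vulnerability to generate illegitimate code segments and alter the intended execution control flow of the network system or component.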
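Kylin Desktop Operating System V4 SP1
Kylin Desktop Operating System V4 SP2
Kylin Desktop Operating System V4 SP3
Kylin Desktop Operating System V4 SP4
Kylin Server Operating System V4 SP1
Kylin Server Operating System V4 SP2
Kylin Server Operating System V4 SP3
Kylin Server Operating System V4 SP4
Kylin Desktop Operating System V10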
Package: pyxdg
0.25-4kord0.16.04.1 (V4, V10)
· Kylin Operating System V10 Desktop Edition, V4
python3-xdg
python-xdg
Open the package source configuration file and modify it according to the repository address.
4.0.2-sp1:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse
4.0.2-sp2:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse
4.0.2-sp3:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse
4.0.2-sp4:
http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse
10.0:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.0 main restricted universe multiverse
10.0 SP1:
http://archive.kylinos.cn/kylin/KYLIN-ALL 10.1 main restricted universe multiverse
After the configuration is complete, run the update command to upgrade:
$ sudo apt update
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/pyxdg/python-xdg_0.25-4kord0.16.04.1_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/pyxdg/python3-xdg_0.25-4kord0.16.04.1_all.deb