DEEPIN 20.2.2 SERIOUS SECURITY HOLE SOLUTION

Icons created by Freepik of Flaticon

The Deepin in Spanish team has detected a serious security hole in Deepin 20.2.2, which was released last Monday, June 28 (June 29 in China). This flaw has been reported to the Deepin development team and they are working on a solution, although they have not said when they will publish it.

But given the severity of the flaw, we have taken the initiative to work out a solution in the meantime.

WHAT DOES THE FAULT CONSIST OF?

While checking the permissions of system files, we found that the files of kernels 5.10.36 and 5.12.9, shipped in Deepin 20.2.2, are owned by the desktop user. This allows any attacker, even without superuser access, to modify the kernel's files and folders: from deleting files essential to the operation of the kernel and the entire system, to replacing files with malware-laden versions or injecting malicious code, and so gaining complete control of the system.

We also confirmed that this flaw affects not only systems updated from previous versions of Deepin, but also fresh installations made from the Deepin 20.2.2 ISO.

The cause of this problem is the improper packaging of the linux-image-5.10.36-amd64-desktop and linux-image-5.12.9-amd64-desktop packages used to install the kernel.

SOLUTION

The solution chosen by the Deepin in Spanish team is to find the kernel files owned by the desktop user and correct their ownership to the GNU/Linux standard, assigning the root user and group as owner, so that only the superuser can modify them.

Applying this solution is simple: install the "deepines-security-patch" package from the Deepines Store. Type "deepines" in the search box and select the package from the results to install it.

You can also install "deepines-security-patch" from the terminal by running the following command:

sudo apt update && sudo apt install deepines-security-patch

If you have not yet installed the Deepines Store, then we provide the download button.
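
The ownership check described under SOLUTION can also be run by hand to see whether a system is affected and whether the fix took effect. The script below is an added example, not the code of the deepines-security-patch package; it assumes the affected files are the ones dpkg lists for the two kernel packages named above, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only ownership audit for the kernel packages named in
# the article. It reports problems and changes nothing on disk.

# Package names as given in the article.
KERNEL_PKGS="linux-image-5.10.36-amd64-desktop linux-image-5.12.9-amd64-desktop"

# audit_owner UID GID (hypothetical helper): read paths on stdin and print
# "uid:gid path" for every path whose numeric owner or group differs.
audit_owner() {
    want="$1:$2"
    while IFS= read -r path; do
        # Skip entries that are not on disk; -L keeps dangling symlinks.
        [ -e "$path" ] || [ -L "$path" ] || continue
        # GNU stat reports the link itself, not its target.
        have=$(stat -c '%u:%g' "$path") || continue
        [ "$have" = "$want" ] || printf '%s %s\n' "$have" "$path"
    done
    return 0
}

# audit_packages (hypothetical helper): assumes the affected files are the
# ones dpkg lists for each package; expects root:root, i.e. uid 0 and gid 0.
audit_packages() {
    for pkg in $KERNEL_PKGS; do
        dpkg -L "$pkg" 2>/dev/null | audit_owner 0 0
    done
}

# Run the audit only when asked:  sh audit-kernel-owner.sh --run
if [ "${1:-}" = "--run" ]; then
    bad=$(audit_packages)
    if [ -n "$bad" ]; then
        printf 'Not owned by root:root (uid:gid path):\n%s\n' "$bad"
        exit 1
    fi
    echo "Installed kernel package files are all owned by root:root."
fi
```

Run it with --run before and after installing the patch; any path it still lists afterwards has not been corrected.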

CONCLUSIONS

We sincerely hope that this type of failure does not happen again. It is quite disappointing that this has happened; Wuhan Deepin Technology must improve its quality controls substantially.

It is a blow to users' trust. Deepin, as a private company, generously gives away its software to the community, allowing us to enjoy a nice, easy-to-use desktop and applications for free; as a community, our contribution is to help improve this software by providing feedback and offering solutions within our means. That includes pointing out faults and demanding good quality, from aesthetics to security, but always in the spirit of building together.

profiler 2.0 (@profiler-2-0)
Author
1 month ago

Thanks for the work. I haven't received the update yet, but it's good to be informed.

Emiliano Masochi (@emilianomasochi)
Member
1 month ago

Thank you!!!

@H4NGK (@h4ngk)
Author
30 days ago

Excellent Isaías, a great contribution in the part of digital security. +1

JJJCarlos2 (@jjjcarlos2)
Member
1 month ago

Is that problem only for those who have those Flaticon Freepik icons?
By the way, today I received a very small update of the system patch, does it solve that problem?
Regards.

yasmani perez (@yasmaniperez)
Member
30 days ago

Hello everyone, maybe this is off topic, but I have not found what is happening to me: after the upgrade to 20.2.2 the system just stays at the grub command line. If I go in by selecting the partition in the BIOS, choosing the one that has my root directory, I manage to get in ... once inside I ran sudo grub-update, but nothing; it keeps taking me to the grub command line every time I restart ... could someone be so kind as to tell me how I can point grub to my root directory? Thank you very much.

Ruben Respinoza (@ruben-respinoza)
Member
30 days ago

Thank you very much! It is reassuring to know that we have excellent support from you in the deepines community. And yes, it is more than worrying that these things happen, but the advantage is that an active community contributes to improving the system. This OS does not belong only to Wuhan Deepin Technology; it belongs to each and every one of you who take care to audit every change and verify that it is headed in the right direction, and it is also ours, the community of basic users, who enjoy and promote the use of Linux so that one day it becomes the OS par excellence.

Claudio Speroni (@claudiosperoni)
Member
28 days ago

Thanks for the job!!! It is already installed.

JJJCarlos2 (@jjjcarlos2)
Member
27 days ago

Hello, I have tried to install the patch and it did not let me; it tells me that it has not found it. I am attaching a screenshot.
Regards.

Screenshot dde desktop 20210705185419

Xoas (@xoas)
Author
Replying to JJJCarlos2
27 days ago

JJJCarlos2 As the article says, first you have to install the Deepines Store.

JJJCarlos2 (@jjjcarlos2)
Member
Replying to Xoas
27 days ago

Xoas Ok thanks, I have installed it and by the way I have put Firefox and an icon theme, it is very good.
Regards.

orfeo (@orfeo)
Member
21 days ago

Many thanks!!

Max Unch (@maxunch)
Member
18 days ago

Thank you so much for solving this serious security problem! Very good website. So far I have been able to fix various problems with the help of your published articles. Beautiful project! Many blessings!

Raúl Junza (@rauljunza)
Member
11 days ago

Thanks, patch applied.

Ruben Respinoza (@ruben-respinoza)
Member
6 days ago

Hi, several patches have already been installed since this post. What is known about the problem? Has the Deepin team said anything yet, or did they leave it like that?
Thank you
