统信UOS（统信服务器操作系统）-修复CVE高危漏洞

前言

针对某托管平台分配的4台虚拟服务器，操作系统统信UOS（Deepin）服务器发现高危漏洞 并修复。

OpenSSH 命令注入漏洞(CVE-2020-15778) / OpenSSH 安全漏洞(CVE-2021-41617) /  OpenSSH 输入验证错误漏洞(CVE-2019-16905) 的修复办法。

 图1

 将离线补丁包上传到服务器，运行 dpkg -i  包名.deb 依次安装补丁包，安装顺序为client，sftp，server 。

资源包：https://download.csdn.net/download/AirIT/87881104

root@V01:~/data/Patch-20230608# dpkg -i openssh-client_7.9p1.10-deepin1_arm64.deb
(Reading database ... 156351 files and directories currently installed.)
Preparing to unpack openssh-client_7.9p1.10-deepin1_arm64.deb ...
Unpacking openssh-client (1:7.9p1.10-deepin1) over (1:7.9p1.1-1+dde) ...
Setting up openssh-client (1:7.9p1.10-deepin1) ...
Processing triggers for man-db (2.8.5-2) ...



root@V01:~/data/Patch-20230608# dpkg -i openssh-sftp-server_7.9p1.10-deepin1_arm64.deb
(Reading database ... 156351 files and directories currently installed.)
Preparing to unpack openssh-sftp-server_7.9p1.10-deepin1_arm64.deb ...
Unpacking openssh-sftp-server (1:7.9p1.10-deepin1) over (1:7.9p1.10-deepin1) ...
Setting up openssh-sftp-server (1:7.9p1.10-deepin1) ...
Processing triggers for man-db (2.8.5-2) ...



root@V01:~/data/Patch-20230608# dpkg -i openssh-server_7.9p1.10-deepin1_arm64.deb
(Reading database ... 156351 files and directories currently installed.)
Preparing to unpack openssh-server_7.9p1.10-deepin1_arm64.deb ...
Unpacking openssh-server (1:7.9p1.10-deepin1) over (1:7.9p1.1-1+dde) ...
Setting up openssh-server (1:7.9p1.10-deepin1) ...

在安装server包时，这里配置文件会提示如下，选择第二个保持当前安装的本地版本。

图2 

全部安装完毕后，重新再对四台服务器进行漏扫，发现高、中危漏洞都已修复。

图3