![\"\"](\"https:\/\/www.deepin.org\/wp-content\/uploads\/2026\/04\/\u8868\u60c51-900x383-1.jpg\")
<\/p>\n\ud83d\udd14 Dear deepin users and community members,<\/p>\n
deepin 25.1 is here! This update includes an emergency fix for the recently discovered \u201cPack2TheRoot\u201d high-risk vulnerability, along with an optimization for the audio device loss issue that some recent upgraders have experienced. We strongly recommend that everyone update as soon as possible.<\/p>\n
Fixed audio device loss on some systems.<\/p>\n<\/li>\n
Removed some outdated intelligent mirror sources and resolved update failures caused by IP bans for certain users.<\/p>\n<\/li>\n
Patched several known CVE security vulnerabilities (including the \u201cPack2TheRoot\u201d high\u2011risk vulnerability) to improve system security.<\/p>\n<\/li>\n<\/ul>\n
Security researchers from Deutsche Telekom\u2019s Red Team recently discovered a Time\u2011of\u2011Check Time\u2011of\u2011Use (TOCTOU) vulnerability in PackageKit.<\/p>\n
This vulnerability allows an unprivileged attacker to install or remove software packages without authorization, which may lead to root privilege escalation or other malicious operations.<\/p>\n
Vulnerability IDs:<\/strong>\u00a0CVE\u20112026\u201141651 \/ GHSA\u2011f55j\u2011vvr9\u201169xv<\/p>\n All users who have not updated deepin 25 are affected. We strongly recommend updating immediately.<\/p>\n None available \u2013 this issue can only be resolved through a system update.<\/p>\n <\/p>\n deepin 25 has been patched in this update.<\/p>\n You can check your current version by running:<\/p>\n dpkg -l<\/span> |<\/span> grep<\/span> -i<\/span> packagekit<\/span><\/p>\n Unaffected (vulnerable) versions:<\/strong>\u00a01.2.8-2deepin1 and lower <\/p>\n 2026\u201104\u201122 18:56<\/strong>\u00a0\u2013 Upstream released version 1.3.5<\/p>\n<\/li>\n 2026\u201104\u201122 19:31<\/strong>\u00a0\u2013 Upstream announcement<\/p>\n<\/li>\n 2026\u201104\u201122 20:30<\/strong>\u00a0\u2013 deepin detected the vulnerability<\/p>\n<\/li>\n 2026\u201104\u201123 09:56<\/strong>\u00a0\u2013 Patch developed and integrated<\/p>\n<\/li>\n 2026\u201104\u201123 13:15<\/strong>\u00a0\u2013 Integration testing passed<\/p>\n<\/li>\n 2026\u201104\u201123 16:58<\/strong>\u00a0\u2013 Patch integrated and update pushed<\/p>\n<\/li>\n<\/ul>\n https:\/\/lists.freedesktop.org\/archives\/packagekit\/2026-April\/026513.html<\/a><\/p>\n<\/li>\n https:\/\/github.security.telekom.com\/2026\/04\/pack2theroot-linux-local-privilege-escalation.html<\/a><\/p>\n<\/li>\n https:\/\/github.com\/PackageKit\/PackageKit\/security\/advisories\/GHSA-f55j-vvr9-69xv<\/a><\/p>\n<\/li>\n https:\/\/www.openwall.com\/lists\/oss-security\/2026\/04\/22\/6<\/a><\/p>\n<\/li>\n https:\/\/github.com\/PackageKit\/PackageKit\/commit\/76cfb675fb31acc3ad5595d4380bfff56d2a8697<\/a><\/p>\n<\/li>\n<\/ul>\n That\u2019s all for the deepin 25.1 official release. Once again, thank you for your support, dear deepin community!<\/p>\n deepin is a globally recognized open\u2011source operating system with an outstanding ranking on DistroWatch. We continuously iterate our vulnerability response to build a stable, trustworthy, and secure open\u2011source desktop ecosystem.<\/p>\n If you encounter any issues during the update or daily use, please feel free to reach out to us on the deepin community forum.<\/p>","protected":false},"excerpt":{"rendered":" \ud83d\udd14 Dear deepin users and community members, deepin 25.1 is here! This update includes an emergency fix for the recently discovered \u201cPack2TheRoot\u201d high-risk vulnerability, along with an optimization for the audio device loss issue that some recent upgraders have experienced. We strongly recommend that everyone update as soon as possible. I. Update Details \u2013 April 23, 2026 Fixed audio device loss on some systems. Removed some outdated intelligent mirror sources and resolved update failures caused by IP bans for certain users. Patched several known CVE security vulnerabilities (including the \u201cPack2TheRoot\u201d high\u2011risk vulnerability) to improve system security. Explanation of the Emergency ...Read more<\/a><\/p>\n","protected":false},"author":18825,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[93],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38886"}],"collection":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/users\/18825"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/comments?post=38886"}],"version-history":[{"count":7,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38886\/revisions"}],"predecessor-version":[{"id":38895,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38886\/revisions\/38895"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/media?parent=38886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/categories?post=38886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/tags?post=38886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Am I affected?<\/h2>\n
Temporary mitigation<\/h2>\n
II. Fixed Version Information<\/strong><\/h1>\n
\nFixed version:<\/strong>\u00a01.2.8-2deepin2<\/p>\nIII. Timeline<\/strong><\/h1>\n
\n
References<\/h2>\n
\n