USN-2183-1: dpkg vulnerability
28 April 2014
A malicious source package could write files outside the unpack directory.
- dpkg - Debian package management system
Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when
unpacking source packages. If a user or an automated system were tricked
into unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-2183-2: dpkg-dev, dpkg, dselect, libdpkg-perl, libdpkg-dev