[SECURITY] Fedora 22 Update: dpkg-1.16.16-5.fc22

This package contains the tools including dpkg-source required to unpack, build and upload Debian source packages. This package also contains the programs dpkg which used to handle the installation and removal of packages on a Debian system. This package also contains dselect, an interface for...

Updated dpkg packages fix CVE-2015-0840

Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...

MGASA-2015-0197 Updated dpkg packages fix CVE-2015-0840

Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...

Debian DSA-3243-1 : libxml-libxml-perl - security update

Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expandentities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending ...

Vulnerabilities of the Debian GNU/Linux operating system, which allow a remote attacker to compromise the integrity and accessibility of protected information

The dpkg-dev package in the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to damage to the integrity and accessibility of protected information. These vulnerabilities can be exploited remotely...

Debian 'dpkg' Package Information Disclosure Vulnerability

Debian is a popular Linux distribution. An information disclosure vulnerability exists in Debian 'dpkg' Package. An attacker is allowed to exploit this vulnerability to obtain sensitive information...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

DEBIAN-CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

Design/Logic Flaw

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

CVE-2015-0840 affects dpkg before 1.16.16 and 1.17.x before 1.17.25. The issue: the dpkg-source command can bypass the signature check for Debian source control files (.dsc) by crafting the file, enabling bypass of source package integrity verification in local installs. Impact stated in sources:...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

[SECURITY] [DSA 3217-1] dpkg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...

dpkg protection bypass

dpkg-source package validation bypass...

Ubuntu 14.04 LTS : dpkg vulnerability (USN-2566-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2566-1 advisory. Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpackin...

Debian DSA-3217-1 : dpkg - security update

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file .dsc. Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the...

Ubuntu: Security Advisory (USN-2566-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2566-1: dpkg vulnerability

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks...

[SECURITY] [DSA 3217-1] dpkg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...