CVE-2014-3865
CVE-2014-3865 describes a directory-traversal vulnerability in dpkg-source (part of dpkg-dev 1.3.0) that lets remote attackers modify files outside intended directories via a crafted Index: pseudo-header (with missing ---/+++ headers or a +++ header with a blank pathname). Connected advisories in...
CVE-2014-3227
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...
CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...
UBUNTU-CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...
UBUNTU-CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...
Fedora Update for dpkg FEDORA-2014-6277
The remote host is missing an update for the...
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will...
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals
source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow local attackers to modify files outside the destination directory and possibly gain...
[SECURITY] Fedora 20 Update: dpkg-1.16.14-1.fc20
This package contains the tools, including dpkg-source, required to unpack, build and upload Debian source packages. This package also contains the program dpkg, which is used to handle the installation and removal of packages on a Debian system. This package also contains dselect, an interface for...
Fedora 20 : dpkg-1.16.14-1.fc20 (2014-6277)
Update to 1.16.14, fixes CVE-2014-0471, rhbz 1092210. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2014-3127
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
UBUNTU-CVE-2014-3127
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
CVE-2014-3127
CVE-2014-3127 concerns dpkg 1.15.9 on Debian squeeze where enabling the C-style encoded filenames feature, without the corresponding patch in the squeeze patch program, can trigger an interaction error allowing directory traversal via a crafted source package. The note ties this to release engine...
Ubuntu Update for dpkg USN-2183-1
Check for the Version of dpkg
Ubuntu Update for dpkg USN-2183-2
Check for the Version of dpkg
Ubuntu: Security Advisory (USN-2183-2)
The remote host is missing an update for the...