CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...

CVE-2011-0402

CVE-2011-0402 affects dpkg-source in dpkg before 1.14.31 and 1.15.x, enabling a user-assisted remote attacker to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. The connected OpenVAS entries and Fedora/Debian advisories reference this CVE alongside updates (...

CVE-2010-1679

CVE-2010-1679 describes a directory-traversal flaw in dpkg-source (dpkg prior to 1.14.31 and 1.15.x) where a patch for a source-format 3.0 package can be exploited to modify arbitrary files. The root cause is insufficient validation of patch-driven file paths during source-package processing, ena...

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...

CVE-2011-0402

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory...

Ubuntu Update for dpkg vulnerability USN-1038-1

Ubuntu Update for Linux kernel vulnerabilities USN-1038-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10381.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for dpkg vulnerability USN-1038-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-1038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

dpkg directory traversal

Directory traversal on package content extraction...

[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2142-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 06, 2011 http://www.debian.org/security/faq -...

Ubuntu 9.10 / 10.04 LTS / 10.10 : dpkg vulnerability (USN-1038-1)

Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files...

Debian DSA-2142-1 : dpkg - directory traversal

Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphael Hertzog additionally discovered that symbolic links in the .pc directory are followed...

USN-1038-1: dpkg vulnerability

Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files...

[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal

------------------------------------------------------------------------- Debian Security Advisory DSA-2142-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 06, 2011 http://www.debian.org/security/faq -...

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...

Ubuntu: Security Advisory (USN-986-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for dpkg vulnerability USN-986-3

Ubuntu Update for Linux kernel vulnerabilities USN-986-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN9863.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for dpkg vulnerability USN-986-3 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : dpkg vulnerability (USN-986-3)

USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2. An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any...

USN-986-3: dpkg vulnerability

USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2. Original advisory details: An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker...

[SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-2112-1 [email protected] http://www.debian.org/security/ Stefan Fritsch September 20, 2010 http://www.debian.org/security/faq -...