19 matches found
EUVD-2014-0509
Malware in sbrugna...
EUVD-2014-3801
Malware in sbrugna...
USN-5446-1 dpkg vulnerability
Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or...
dpkg directory traversal vulnerability (CNVD-2017-06898)
dpkg is a suite management system developed specifically for Debian to facilitate the installation, update and removal of software. A directory traversal vulnerability exists in dpkg. dpkg's unpacking feature is vulnerable to a directory traversal vulnerability. A remote attacker can exploit this...
USN-2566-1 dpkg vulnerability
Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks...
[oss-security] Re: CVE request: another path traversal in dpkg-source during unpack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another path traversal was discovered The short answer is that bug 746498 is CVE-2014-3864, and bug 749183 is CVE-2014-3865. We can also, first, review the status of the CVEs related to our 1 May 2014 message. The proposed CVE mappings for all four of...
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...
DEBIAN-CVE-2014-3227
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...
Directory traversal
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...
CVE-2014-3227
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...
CVE-2014-3864
CVE-2014-3864 affects dpkg-source in dpkg-dev 1.3.0, enabling a directory-traversal where a crafted source package without a header line can modify files outside the intended directories. Connected advisories indicate the vulnerability is addressed in updated dpkg packages (e.g., Fedora updates f...
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...
CVE-2014-3127
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
UBUNTU-CVE-2014-3127
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
Directory traversal
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
CVE-2014-3127
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of t...
Directory traversal
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...
CVE-2014-0471
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...
CVE-2014-0471
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...