34 matches found
Astra Linux - vulnerability in dpkg
In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...
Ubuntu 24.04 LTS / 25.10 : dpkg vulnerability (USN-8249-1)
The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8249-1 advisory. Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were trick...
EUVD-2004-2758
Malware in sbrugna...
EUVD-2014-3243
Malware in sbrugna...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : dpkg vulnerability (USN-7768-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7768-1 advisory. It was discovered that dpkg incorrectly handled removing certain temporary directories. An attacker could possibly use this issue to consume...
CVE-2025-6297
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...
PT-2025-27559
Name of the Vulnerable Software and Affected Versions: dpkg (affected versions not specified). Description: An issue was found in dpkg where it does not properly sanitize directory permissions when extracting a control member into a temporary directory. This may lead to temporary files being left...
SUSE CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
SUSE-SU-2022:4081-1 Security update for dpkg
This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944)...
USN-5446-1: dpkg vulnerability | Cloud Foundry
usn-5446-1. Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote...
OESA-2022-1703 dpkg security update
Dpkg is a tool to install, build, remove and manage Debian packages. The primary and more user-friendly front-end for dpkg is aptitude. Security Fixes: Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : dpkg vulnerability (USN-5446-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5446-1 advisory. Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into...
dpkg path traversal vulnerability
dpkg is a package management tool for Debian. A path traversal vulnerability exists in dpkg, which stems from a directory traversal issue. The following products and versions are affected: 1.21.8, 1.20.10, 1.19.8, 1.18.26...
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
The vulnerability of the dpkg utility in the Astra Linux operating system, related to the lack of checks for the privilege PARSEC_CAP_INHERIT_INTEGRITY, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the dpkg utility in the Astra Linux operating system is related to the lack of a check for the privilege PARSEC_CAP_INHERIT_INTEGRITY. This privilege ensures that the integrity of the current process is maintained during package installation. Exploiting this vulnerability allows...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
SUSE-SU-2017:1096-1 Security update for dpkg
This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
Ubuntu 14.04 LTS : dpkg vulnerability (USN-2820-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2820-1 advisory. Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into...
Ubuntu 14.04 LTS : dpkg vulnerability (USN-2566-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2566-1 advisory. Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpackin...
DEBIAN-CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...