Lucene search
UbuntuUSN-2820-1HistoryNov 26, 2015 - 12:00 a.m.
dpkg vulnerability
2015-11-2600:00:00
ubuntu.com
25
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.144 Low
EPSS
Percentile
95.7%
Releases
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- dpkg - Debian package management system
Details
Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain
old style Debian binary packages. If a user or an automated system were
tricked into unpacking a specially crafted binary package, a remote
attacker could possibly use this issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.10 | noarch | dpkg | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | dpkg-dbgsym | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | dpkg-dev | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | dselect | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | dselect-dbgsym | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | libdpkg-dev | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | libdpkg-perl | < 1.18.2ubuntu5.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | dpkg | < 1.17.25ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | dpkg-dbgsym | < 1.17.25ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | dpkg-dev | < 1.17.25ubuntu1.1 | UNKNOWN |
References
Related
nessus
nessus
Ubuntu 14.04 LTS : dpkg vulnerability (USN-2820-1)
2015-11-30 00:00:00
Fedora 23 : dpkg (2016-10ec03ed27)
2016-12-07 00:00:00
Fedora 25 : dpkg (2016-0918477a60)
2016-12-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 3407-1 (dpkg - security update)
2015-11-26 00:00:00
Debian: Security Advisory (DSA-3407-1)
2015-11-25 00:00:00
Fedora Update for dpkg FEDORA-2016-0918477a60
2016-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: dpkg-1.17.27-1.fc25
2016-12-05 21:47:39
[SECURITY] Fedora 24 Update: dpkg-1.17.27-1.fc24
2016-12-06 10:29:41
[SECURITY] Fedora 23 Update: dpkg-1.17.27-1.fc23
2016-12-06 02:24:54
debiancve
debiancve
CVE-2015-0860
2015-12-03 20:59:00
freebsd
freebsd
dpkg -- stack-based buffer overflow
2015-11-26 00:00:00
mageia
mageia
Updated dpkg packages fix CVE-2015-0860
2015-12-23 23:12:49
prion
prion
Stack overflow
2015-12-03 20:59:00
ubuntucve
ubuntucve
CVE-2015-0860
2015-11-26 00:00:00
debian
debian
[SECURITY] [DSA 3407-1] dpkg security update
2015-11-26 18:18:57
[SECURITY] [DSA 3407-1] dpkg security update
2015-11-26 18:18:57
cve
cve
CVE-2015-0860
2015-12-03 20:59:00
gentoo
gentoo
dpkg: Arbitrary code execution
2016-12-04 00:00:00
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.144 Low
EPSS
Percentile
95.7%
Related for USN-2820-1