dpkg vulnerability

2010-03-1100:00:00

ubuntu.com

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

Releases

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

Packages

dpkg -

Details

William Grant discovered that dpkg-source did not safely apply diffs
when unpacking source packages. If a user or an automated system were
tricked into unpacking a specially crafted source package, a remote
attacker could modify files outside the target unpack directory, leading
to a denial of service or potentially gaining access to the system.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchdpkg-dev< 1.15.4ubuntu2.1UNKNOWN
Ubuntu9.10noarchdpkg< 1.15.4ubuntu2.1UNKNOWN
Ubuntu9.10noarchdselect< 1.15.4ubuntu2.1UNKNOWN
Ubuntu9.04noarchdpkg-dev< 1.14.24ubuntu1.1UNKNOWN
Ubuntu9.04noarchdpkg< 1.14.24ubuntu1.1UNKNOWN
Ubuntu9.04noarchdselect< 1.14.24ubuntu1.1UNKNOWN
Ubuntu8.10noarchdpkg-dev< 1.14.20ubuntu6.3UNKNOWN
Ubuntu8.10noarchdpkg< 1.14.20ubuntu6.3UNKNOWN
Ubuntu8.10noarchdselect< 1.14.20ubuntu6.3UNKNOWN
Ubuntu8.04noarchdpkg-dev< 1.14.16.6ubuntu4.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	dpkg-dev	< 1.15.4ubuntu2.1	UNKNOWN
Ubuntu	9.10	noarch	dpkg	< 1.15.4ubuntu2.1	UNKNOWN
Ubuntu	9.10	noarch	dselect	< 1.15.4ubuntu2.1	UNKNOWN
Ubuntu	9.04	noarch	dpkg-dev	< 1.14.24ubuntu1.1	UNKNOWN
Ubuntu	9.04	noarch	dpkg	< 1.14.24ubuntu1.1	UNKNOWN
Ubuntu	9.04	noarch	dselect	< 1.14.24ubuntu1.1	UNKNOWN
Ubuntu	8.10	noarch	dpkg-dev	< 1.14.20ubuntu6.3	UNKNOWN
Ubuntu	8.10	noarch	dpkg	< 1.14.20ubuntu6.3	UNKNOWN
Ubuntu	8.10	noarch	dselect	< 1.14.20ubuntu6.3	UNKNOWN
Ubuntu	8.04	noarch	dpkg-dev	< 1.14.16.6ubuntu4.1	UNKNOWN