Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Debian: DSA-2142-1 Critical Dpkg Directory Traversal Security Advisory

debian
Calendar Grey January 6, 2011
Debian Logo
Debian's DSA-2143-1 addresses vulnerabilities in the APT package manager related to improper input validation. Follow the comprehensive upgrade guide for further details.
Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make i...

Summary

Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian
package management system, doesn't correctly handle paths in patches of
source packages, which could make it traverse directories.
Raphaël Hertzog additionally discovered that symbolic links in the .pc
directory are followed, which could make it traverse directories too.

Both issues only affect source packages using the "3.0 quilt" format at
unpack-time.


For the stable distribution (lenny), these problems have been fixed in
version 1.14.31.
For the testing (squeeze) and unstable distributions (sid),
these problems will be fixed soon.


We recommend that you upgrade your dpkg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: dpkg
CVE ID: CVE-2010-1679

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.