Debian DSA-2409-1: devscripts Security Update Addresses Code Issues
debian
February 15, 2012
Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package
Topics Covered
Summary
Several vulnerabilities have been discovered in debdiff, a script used
to compare two Debian packages, which is part of the devscripts package.
The following Common Vulnerabilities and Exposures project ids have been
assigned to identify them:
CVE-2012-0210:
Paul Wise discovered that due to insufficient input sanitising when
processing .dsc and .changes files, it is possible to execute
arbitrary code and disclose system information.
CVE-2012-0211:
Raphael Geissert discovered that it is possible to inject or modify
arguments of external commands when processing source packages with
specially-named tarballs in the top-level directory of the .orig
tarball, allowing arbitrary code execution.
CVE-2012-0212:
Raphael Geissert discovered that it is possible to inject or modify
arguments of external commands when passing as argument to debdiff
a specially-named file, allowing arbitrary code execution.
For the stable distribution (squeeze), these problems have been fixe...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: devscripts
CVE ID: CVE-2012-0210 CVE-2012-0211 CVE-2012-0212
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!