
Fedora: 2015-7342 Moderate: Dpkg Security Fixes CVE-2014-8625 DoS

fedora
May 12, 2015
Essential revisions for rpm on Fedora 20 rectifying vulnerabilities and compilation issues for improved software handling.
Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch

Summary

This package contains the tools (including dpkg-source) required to unpack, build and upload Debian source packages.

This package also contains the program dpkg, which is used to handle the installation and removal of packages on a Debian system.

This package also contains dselect, an interface for managing the installation and removal of packages on the system.

dpkg and dselect will certainly be non-functional on an rpm-based system because package dependencies will likely be unmet.

Update Information:

Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch. Security fix for CVE-2014-8625 and security fix for CVE-2015-0840.

Change Log

* Sun Apr 26 2015 Sérgio Basto - 1.16.16-5
- Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch.
- Added dpkg-perl-libexecdir.epel6.patch just for fix epel <= 6.
- Cleaned some trailing whitespaces.
- Use _localstatedir instead /var.

* Sat Apr 25 2015 Sérgio Basto - 1.16.16-4
- Revert location of dpkg/parsechangelog.
- Fix build for all versions, including epel-6.

* Tue Apr 21 2015 Sérgio Basto - 1.16.16-3
- Better upstream URL.

* Tue Apr 21 2015 Sérgio Basto - 1.16.16-2
- Some fixes and added support for epel-6.
- Removed Patch0: dpkg-perl-libexecdir.patch.
- move /usr/lib/dpkg/parsechangelog to archable package.

* Sun Apr 19 2015 Sérgio Basto - 1.16.16-1
- Security update to 1.16.16

* Sat Aug 16 2014 Fedora Release Engineering - 1.16.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Mon Jun 23 2014 Sérgio Basto - 1.16.15-1
- Update to 1.16.15, fixes: CVE-2014-3864, CVE-2014-3865, rhbz #1103026

* Sat Jun 7 2014 Fedora Release Engineering - 1.16.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat May 10 2014 Sérgio Basto - 1.16.14-1
- Update to 1.16.14, fixes CVE-2014-0471, rhbz #1092210.

References


[1] Bug #1210748 - CVE-2015-0840 dpkg: source package integrity verification bypass
    https://bugzilla.redhat.com/show_bug.cgi?id=1210748
[2] Bug #1162166 - CVE-2014-8625 dpkg: format string vulnerability
    https://bugzilla.redhat.com/show_bug.cgi?id=1162166

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update dpkg' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: dpkg
Product: Fedora 20
Version: 1.16.16
Release: 5.fc20
Summary: Package maintenance system for Debian Linux
