Fedora 21 FEDORA-2015-7296 Critical: Dpkg Integrity Bypass

May 12, 2015
To tackle dpkg security issues in Fedora 21, ensure your system is updated, verify package integrity, implement access controls, and monitor logs.

Summary

This package contains the tools (including dpkg-source) required to unpack, build and upload Debian source packages.

This package also contains the program dpkg, which is used to handle the installation and removal of packages on a Debian system.

This package also contains dselect, an interface for managing the installation and removal of packages on the system.

dpkg and dselect will certainly be non-functional on an rpm-based system because package dependencies will likely be unmet.

Update Information:

Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch. Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840.

Change Log

* Sun Apr 26 2015 Sérgio Basto - 1.16.16-5
- Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch.
- Added dpkg-perl-libexecdir.epel6.patch just for fix epel <= 6.
- Cleaned some trailing whitespaces.
- Use _localstatedir instead /var.

* Sat Apr 25 2015 Sérgio Basto - 1.16.16-4
- Revert location of dpkg/parsechangelog.
- Fix build for all versions, including epel-6.

* Tue Apr 21 2015 Sérgio Basto - 1.16.16-3
- Better upstream URL.

* Tue Apr 21 2015 Sérgio Basto - 1.16.16-2
- Some fixes and added support for epel-6.
- Removed Patch0: dpkg-perl-libexecdir.patch.
- move /usr/lib/dpkg/parsechangelog to archable package.

* Sun Apr 19 2015 Sérgio Basto - 1.16.16-1
- Security update to 1.16.16

References


[1] Bug #1210748 - CVE-2015-0840 dpkg: source package integrity verification bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1210748

[2] Bug #1162166 - CVE-2014-8625 dpkg: format string vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162166

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update dpkg' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity: critical

Name: dpkg
Product: Fedora 21
Version: 1.16.16
Release: 5.fc21
Summary: Package maintenance system for Debian Linux
