Ubuntu 10.04 LTS: USN-1038-1 High: Dpkg-Source Denial Of Service
ubuntu
January 6, 2011
The Ubuntu Security Notice USN-1038-1 highlights a severe vulnerability in the dpkg package, potentially enabling attackers to run code with elevated privileges during package management tasks
Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages