Ubuntu 1038-1: dpkg vulnerability

==========================================================Ubuntu Security Notice USN-1038-1          January 06, 2011
dpkg vulnerability
CVE-2010-1679
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  dpkg-dev                        1.15.4ubuntu2.3

Ubuntu 10.04 LTS:
  dpkg-dev                        1.15.5.6ubuntu4.5

Ubuntu 10.10:
  dpkg-dev                        1.15.8.4ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not
correctly handle certain paths and symlinks when unpacking source-format
version 3.0 packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial
of service or potentially gaining access to the system.


Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:     1369 df5975398ec1f8fa00617dba2a855090
          Size/MD5:  7046765 7bd73bcbd5ff74a2083f51b068c3f071

  Architecture independent packages:

          Size/MD5:   572590 4a5837b26e895fed592d8e44bc5b89ce

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  2170884 82de5906f95f9b597a914f2c81659eaf
          Size/MD5:   334238 f02106409df7473ceba2401e273fbad4

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  2123952 6b1f6c7aa590d87bac9a630cb254bfdd
          Size/MD5:   325934 a243cff597c7a6b2ce3ea933cbbd2538

  armel architecture (ARM Architecture):

          Size/MD5:  2133956 be580c89987c4bf0729a6b7b0287c324
          Size/MD5:   322314 69da8bec9824d131f9fb2d29f3c7531b

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:  2109942 686414041cd2faade333988894c62721
          Size/MD5:   327130 bfb7291c389f69271b9d8d17097f1450

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  2170404 471bebdff42698ce65e19e688ccad114
          Size/MD5:   333352 e279c421aef7555990a8bc0154964c70

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  2132714 e743264871c293f5d0c9d5fced9ee297
          Size/MD5:   327166 e38693753de95099f3c6e0e911c73641

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

          Size/MD5:     1351 e9c42a50bdb677925283efd746d26827
          Size/MD5:  4682350 0404022baa0d35a11724f6268f806f35

  Architecture independent packages:

          Size/MD5:   653864 6eb96a6344c8d86376cc5f02eafd4903

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  2254322 10b37645fade4011744c91ecf5516d89
          Size/MD5:   407622 025c51b22e0ac7b8f138a5de274231bf

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  2191790 ab0b2dafdb6ba609d82b24dc61e56255
          Size/MD5:   402316 3c71bc471c4b78b9794e036e3d8ccfcf

  armel architecture (ARM Architecture):

          Size/MD5:  2175460 e6f606b4848cf051a9acd26c0d5e573a
          Size/MD5:   393030 39639fda1a6f61b0024ca06598a8395e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  2239566 54f9658a4096703b403479c2086cd338
          Size/MD5:   410174 2d3efa6860df00bb1c0ad6af0d16ba22

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  2217050 6175f5d14a3a76b158503992e9d4c28b
          Size/MD5:   406216 bb96dc8b38b8a638ab7ca04f24cb393d

Updated packages for Ubuntu 10.10:

  Source archives:

          Size/MD5:     1361 ec294c6bdf531ac3dfb1cf2a039d30ad
          Size/MD5:  5078410 ba30b2d5e73830c5dbaf520e38d03afe

  Architecture independent packages:

          Size/MD5:   772250 5bddb4a4e5802c4688eec68a1a806436
          Size/MD5:   504830 21caadb68ae793839dfef2ea71b9a2a7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  2132788 424e34190fc3d2b59f1c3ebb32238cf9
          Size/MD5:   513880 678a5dfec3cf74b420475a2b922f3021
          Size/MD5:   424950 e56298e2df7c1e9700a90d4723f831d8

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  2073106 f5b5aab820ac4592a36958974386b587
          Size/MD5:   508096 95aa9cc62b92e566e87f00cbf6b3076d
          Size/MD5:   410698 d93501aa6f9c36ac1803b3e7adb39127

  armel architecture (ARM Architecture):

          Size/MD5:  2075164 36bbda04079da2aa438a3dcfb61cd65c
          Size/MD5:   501672 9878e0c6b70f2f58b70735079d786115
          Size/MD5:   416906 52c402cd837d9635a445ad220a037325

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  2112602 e73d8182c2cb1c4f5df66125f0a863eb
          Size/MD5:   516766 f09ea74971241c741312a7a2fe85a2b7
          Size/MD5:   422710 79eb34bd5756074dc2d364e2db8b86a9
Ubuntu 1038-1: dpkg vulnerability

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
