Ubuntu 5446-2: dpkg vulnerability | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
==========================================================================
Ubuntu Security Notice USN-5446-2
May 30, 2022

dpkg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

A malicious source package could write files outside the unpack directory.

Software Description:
- dpkg: Debian package management system

Details:

USN-5446-1 fixed a vulnerability in dpkg. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

 Max Justicz discovered that dpkg incorrectly handled unpacking certain
 source packages. If a user or an automated system were tricked into
 unpacking a specially crafted source package, a remote attacker could
 modify files outside the target unpack directory, leading to a denial of
 service or potentially gaining access to the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  dpkg                            1.18.4ubuntu1.7+esm1
  libdpkg-perl                    1.18.4ubuntu1.7+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5446-2
  https://ubuntu.com/security/notices/USN-5446-1
  CVE-2022-1664

Ubuntu 5446-2: dpkg vulnerability

May 30, 2022
A malicious source package could write files outside the unpack directory.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: A malicious source package could write files outside the unpack directory. Software Description: - dpkg: Debian package management system Details: USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: dpkg 1.18.4ubuntu1.7+esm1 libdpkg-perl 1.18.4ubuntu1.7+esm1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5446-2

https://ubuntu.com/security/notices/USN-5446-1

CVE-2022-1664

Severity
Ubuntu Security Notice USN-5446-2

Package Information

Related News

Business Conditions Prime for More Open-Source Contributors

Thunderbird 102.9.0 is a security update for the open source email client

How OpenSSF Aims to Make Log4j-Like Incidents Rare

Companies Can’t Stop Using Open Source

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy