
Vulnerability in the dpkg software package

  • OS details: LUB
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2183-1
April 28, 2014

dpkg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

A malicious source package could write files outside the unpack directory.

Software Description:
– dpkg: Debian package management system

Details:

Jakub Wilk discovered that dpkg incorrectly handled certain paths and
symlinks when unpacking source packages. If a user or an automated system
were tricked into unpacking a specially crafted source package, a remote
attacker could modify files outside the target unpack directory, leading to
a denial of service or potentially gaining access to the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libdpkg-perl 1.17.5ubuntu5.1

Ubuntu 13.10:
libdpkg-perl 1.16.12ubuntu1.1

Ubuntu 12.10:
libdpkg-perl 1.16.7ubuntu6.1

Ubuntu 12.04 LTS:
libdpkg-perl 1.16.1.2ubuntu7.3

Ubuntu 10.04 LTS:
dpkg-dev 1.15.5.6ubuntu4.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2183-1
CVE-2014-0471

Package Information:
https://launchpad.net/ubuntu/+source/dpkg/1.17.5ubuntu5.1
https://launchpad.net/ubuntu/+source/dpkg/1.16.12ubuntu1.1
https://launchpad.net/ubuntu/+source/dpkg/1.16.7ubuntu6.1
https://launchpad.net/ubuntu/+source/dpkg/1.16.1.2ubuntu7.3
https://launchpad.net/ubuntu/+source/dpkg/1.15.5.6ubuntu4.7


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-04-0006-ADV
CVE: CVE-2014-0471
Source ID: USN-2183-1
Product: dpkg
Source: http://www.ubuntu.com