exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 38907

Secunia Security Advisory 38907
Posted Mar 11, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for dpkg. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

tags | advisory
systems | linux, debian
SHA-256 | 8f6c9c6167a4cdf00756fc0787b07e0a2ef3fb05251d553fa7084e5b0270b476

Secunia Security Advisory 38907

Change Mirror Download
----------------------------------------------------------------------


Use WSUS to deploy 3rd party patches

Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Debian update for dpkg

SECUNIA ADVISORY ID:
SA38907

VERIFY ADVISORY:
http://secunia.com/advisories/38907/

DESCRIPTION:
Debian has issued an update for dpkg. This fixes a vulnerability,
which can be exploited by malicious people to manipulate certain data
and compromise a vulnerable system.

The vulnerability is caused due to an error in dpkg-source when
unpacking source packages. This can be exploited to modify arbitrary
files outside of the intended destination directory.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.dsc
Size/MD5 checksum: 1544 7cf187bdb138606465a626f30da65423
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
Size/MD5 checksum: 6849885 4326172a959b5b6484b4bc126e9f628d

Architecture independent packages:

http://security.debian.org/pool/updates/main/d/dpkg/dpkg-dev_1.14.29_all.deb
Size/MD5 checksum: 770984 76f021d6ddbbd0726f123cc993f55b40

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_alpha.deb
Size/MD5 checksum: 2446040 96fe37e062b47c64faf2e16463265d15
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_alpha.deb
Size/MD5 checksum: 814066 bc68e19e69ec46a769780a68fef862a8

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_amd64.deb
Size/MD5 checksum: 2400244 0e38c74c3fd8cd11d3112b950e1fd42a
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_amd64.deb
Size/MD5 checksum: 800106 6e1ef50a9e0821d4087ffd22aa71d031

arm architecture (ARM)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_arm.deb
Size/MD5 checksum: 2364912 308e279965adbc2d10a1131978b71fc1
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_arm.deb
Size/MD5 checksum: 798628 d891c19e779426db56070820c52ed52e

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_armel.deb
Size/MD5 checksum: 797176 3ade9a406bb32f8e82205d78572c6f6a
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_armel.deb
Size/MD5 checksum: 2361596 6e781e9051ecb40ae4b3dc89226d5f60

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_hppa.deb
Size/MD5 checksum: 2414914 dea419be797918c210c7f2ea81b968a2
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_hppa.deb
Size/MD5 checksum: 812730 1b7ad0f69ef081f68c50df9023581d6f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_i386.deb
Size/MD5 checksum: 800424 66ebb60ebc836702afbe8cae59a39f35
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_i386.deb
Size/MD5 checksum: 2354472 d81c926899c940f03190ea74bfbecb7f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_ia64.deb
Size/MD5 checksum: 2606008 72fc1c9a4081e5d90bb1f7735b334f2b
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_ia64.deb
Size/MD5 checksum: 842398 3ae67b486742d05ab49fe82c5d56521f

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mips.deb
Size/MD5 checksum: 2406768 78bd15417766928cc79d1950b02a0fac
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mips.deb
Size/MD5 checksum: 809606 a897741ac7876f70f9e69477eab3fe12

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mipsel.deb
Size/MD5 checksum: 811048 85bc3ad6ef312571f1e707f7b6136fd3
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mipsel.deb
Size/MD5 checksum: 2402126 4ac9b517d9a39e37d05f0efdc131b93f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_powerpc.deb
Size/MD5 checksum: 2398050 3b98a0fe1f17e38905d189676fec7246
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_powerpc.deb
Size/MD5 checksum: 808874 88e02c80992df57289ce52b5cc032c3d

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_s390.deb
Size/MD5 checksum: 2409406 7ca42e53f5a74e7381307fd5ca19b7a8
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_s390.deb
Size/MD5 checksum: 800334 161afe75a681ff023995bc5764e49947

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_sparc.deb
Size/MD5 checksum: 2357888 2e1be7c5b81f5c9e66946396922b40ff
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_sparc.deb
Size/MD5 checksum: 798754 4709cd55f7f47a5fe2e82df17c019821

PROVIDED AND/OR DISCOVERED BY:
The vendor credits William Grant.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2010/dsa-2011

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close