Ubuntu Security Notice 2183-2 - USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Various other issues were also addressed.
8637b20954031a4575400b91505f5fb816d51d9fe2097b94cbc136868f15bf68
Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
859d36f5c8dbbb0f25181d9f7ae180b3b816a16350c962858405417b686e0242
Ubuntu Security Notice 2183-1 - Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8d3851678414f8bc3ad88106e10038b6b01d7a3dd84c9b1c2b73fac8076b184f