Ubuntu Security Notice 5446-2 - USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
09e0a2a5f3f508ae625251c9b9a3fed6af290d242230a27742b820979dde90ea
Debian Linux Security Advisory 5147-1 - Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.
ccab37e95da7246c12fd05c22d773941aa0f6800abc88e264138bd5800ed2fe6
Ubuntu Security Notice 5446-1 - Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8ba864d61f0193bbfb97226d88f416c5673aba3d68a202bdfbf7fac70e91909c