USN-909-1: dpkg vulnerability

Posted 03-11-2010

Referenced CVEs:
CVE-2010-0396


Description:
===========================================================
Ubuntu Security Notice USN-909-1             March 11, 2010
dpkg vulnerability
CVE-2010-0396
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dpkg-dev                        1.13.11ubuntu7.1

Ubuntu 8.04 LTS:
  dpkg-dev                        1.14.16.6ubuntu4.1

Ubuntu 8.10:
  dpkg-dev                        1.14.20ubuntu6.3

Ubuntu 9.04:
  dpkg-dev                        1.14.24ubuntu1.1

Ubuntu 9.10:
  dpkg-dev                        1.15.4ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

William Grant discovered that dpkg-source did not safely apply diffs when
unpacking source packages. If a user or an automated system were tricked
into unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
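A pre-unpack check for the class of problem described above, as an added example (not dpkg-source's code and not the fix shipped in the updated packages): it reads the file headers of a unified diff and reports any target path that is absolute or contains a `..` component. The function names, the `-p1`-style stripping of one leading path component, and the sample diff are assumptions made for illustration; the check is purely lexical and does not look at symlinks in the unpacked tree.

```python
def header_paths(diff_text):
    """Yield file names from '--- ' / '+++ ' header pairs of a unified diff."""
    lines = diff_text.splitlines()
    for cur, nxt in zip(lines, lines[1:]):
        # A file header is a '--- ' line immediately followed by a '+++ ' line.
        # Hunk-body lines can look the same, so this errs towards over-reporting.
        if cur.startswith("--- ") and nxt.startswith("+++ "):
            for hdr in (cur, nxt):
                # Header form: "<marker> <path>[<TAB><timestamp>]"
                name = hdr[4:].split("\t", 1)[0].strip()
                if name != "/dev/null":
                    yield name


def path_problem(name, strip=1):
    """Return why `name` is unsafe to patch inside the unpack dir, or None."""
    if name.startswith("/"):
        return "absolute path"
    # Drop empty components (repeated slashes), then `strip` leading ones,
    # mirroring how a -p1 style patch run would resolve the name (assumption).
    parts = [p for p in name.split("/") if p][strip:]
    if not parts:
        return "no path left after stripping"
    if ".." in parts:
        return "'..' component"
    return None


def audit_diff(diff_text, strip=1):
    """Return a list of (path, reason) for every unsafe header path."""
    findings = []
    for name in header_paths(diff_text):
        reason = path_problem(name, strip)
        if reason and (name, reason) not in findings:
            findings.append((name, reason))
    return findings


# Constructed sample: one ordinary file header and one that leaves the tree.
SAMPLE_DIFF = (
    "--- hello-1.0.orig/debian/rules\t2010-03-01 10:00:00\n"
    "+++ hello-1.0/debian/rules\t2010-03-02 10:00:00\n"
    "@@ -1 +1 @@\n-old\n+new\n"
    "--- hello-1.0.orig/../../outside/file\n"
    "+++ hello-1.0/../../outside/file\n"
    "@@ -0,0 +1 @@\n+x\n"
)

if __name__ == "__main__":
    for path, reason in audit_diff(SAMPLE_DIFF):
        print(f"REJECT {path}: {reason}")
```
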





DPKG-GENBUILDDEPS(1)          General Commands Manual          DPKG-GENBUILDDEPS(1)

NAME
       dpkg-genbuilddeps - generate a list of packages used to build this package

SYNOPSIS
       dpkg-genbuilddeps [arg ...]

DESCRIPTION
       This program is a wrapper around dpkg-depcheck(1). It should be run from
       the top of a Debian build tree. It calls dpkg-buildpackage with any
       arguments given on the command line, and by tracing the execution of
       this, it determines which non-essential packages were used during the
       package building. This can be useful in determining what the
       Build-Depends control fields should contain. It does not determine which
       packages were used for the arch independent parts of the build and which
       for the arch dependent parts, nor does it attempt to determine which
       versions of packages are required. It should be able to run under
       fakeroot rather than being run as root, as fakeroot dpkg-genbuilddeps,
       or dpkg-genbuilddeps -rfakeroot.

       This program requires the build-essential package to be installed. If it
       is not, please use dpkg-depcheck directly, with a command such as

              dpkg-depcheck --all dpkg-buildpackage -us -uc -b -rfakeroot ...

       All this program itself does is essentially to run the command:

              dpkg-depcheck -b dpkg-buildpackage -us -uc -b -rfakeroot [arg ...]

SEE ALSO
       The Debian Policy Manual, sections on Build-Depends etc.,
       dpkg-depcheck(1) and fakeroot(1).

AUTHOR
       The original dpkg-genbuilddeps was written by Ben Collins
       <bcollins@debian.org>. The current version is a simple wrapper around
       dpkg-depcheck written by Bill Allombert <ballombe@debian.org>. This
       manual page was written by Julian Gilbey <jdg@debian.org>.

DEBIAN                            Debian Utilities             DPKG-GENBUILDDEPS(1)