-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2962
                           dpkg security update
                             27 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dpkg
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0860  

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3407

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running dpkg check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3407-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 26, 2015                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : dpkg
CVE ID         : CVE-2015-0860

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb
component of dpkg, the Debian package management system. This flaw could
potentially lead to arbitrary code execution if a user or an automated
system were tricked into processing a specially crafted Debian binary
package (.deb) in the old style Debian binary package format.

This update also includes updated translations and additional bug fixes.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.16.17.

For the stable distribution (jessie), this problem has been fixed in
version 1.17.26.

We recommend that you upgrade your dpkg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------
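
The advisory above limits the flaw to packages in the old style binary format. As an added example (not code from Debian, dpkg or AusCERT), the sketch below shows how an automated intake system could tell that format apart from the current one by leading bytes alone, and hold anything that is not a recognisable new-style package until the host runs a fixed dpkg. The function names and sample headers are constructed for illustration; the format markers are those documented for .deb files (an ar archive whose first member is "debian-binary" for the current format, a leading version line such as 0.939000 for the old one).

```python
import io
import re

AR_MAGIC = b"!<arch>\n"                     # new-style .deb files are ar archives
OLD_VERSION_LINE = re.compile(rb"0\.\d+")   # old-style: first line is a version, e.g. 0.939000

def classify_deb(stream):
    """Classify a .deb as 'new', 'old' or 'unknown' from its leading bytes only."""
    head = stream.read(32)
    if head.startswith(AR_MAGIC):
        member = head[8:24].rstrip(b" /")   # 16-byte ar member name field
        return "new" if member == b"debian-binary" else "unknown"
    first_line, newline, _ = head.partition(b"\n")
    # No newline within the sniffed bytes, or a non-version first line, is 'unknown'.
    if newline and OLD_VERSION_LINE.fullmatch(first_line):
        return "old"
    return "unknown"

def packages_to_hold(packages):
    """Names that should not reach an unpatched dpkg-deb: old-style or unrecognised."""
    return sorted(name for name, data in packages.items()
                  if classify_deb(io.BytesIO(data)) != "new")

# Constructed sample headers (not real packages); only the leading bytes matter here.
SAMPLES = {
    "new-style.deb": AR_MAGIC + b"debian-binary   "
                     + b"1448496000  0     0     100644  4         `\n2.0\n",
    "old-style.deb": b"0.939000\n1024\n" + b"\x1f\x8b" + b"\x00" * 16,
    "not-a-deb.bin": b"PK\x03\x04" + b"\x00" * 28,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_deb(io.BytesIO(data)))
    print("hold:", packages_to_hold(SAMPLES))
```

The check reads the file itself and never hands it to dpkg-deb, so it can run on hosts that have not yet been upgraded to 1.16.17 (wheezy) or 1.17.26 (jessie).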

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================