FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dpkg -- stack-based buffer overflow

Affected packages
dpkg < 1.16.17
dpkg < 1.17.26
dpkg < 1.18.4

Details

VuXML ID 876768aa-ab1e-11e5-8a30-5453ed2e2b49
Discovery 2015-11-26
Entry 2015-12-25

Salvatore Bonaccorso reports:

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.

References

CVE Name CVE-2015-0860
URL http://openwall.com/lists/oss-security/2015/11/26/3
URL https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=f1aac7d933819569bf6f347c3c0d5a64a90bbce0