FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dpkg -- stack-based buffer overflow

Affected packages
dpkg < 1.16.17
dpkg < 1.17.26
dpkg < 1.18.4


VuXML ID 876768aa-ab1e-11e5-8a30-5453ed2e2b49
Discovery 2015-11-26
Entry 2015-12-25

Salvatore Bonaccorso reports:

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.


CVE Name CVE-2015-0860