1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5147-1] dpkg security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed May 25 17:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5147-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    May 25, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : dpkg
    CVE ID : CVE-2022-1664

    Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system.
    This affects extracting untrusted source packages in the v2 and v3
    source package formats that include a debian.tar.

    For the oldstable distribution (buster), this problem has been fixed
    in version 1.19.8.

    For the stable distribution (bullseye), this problem has been fixed in
    version 1.20.10.

    We recommend that you upgrade your dpkg packages.

    For the detailed security status of dpkg please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/dpkg

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmKOS75fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SQiw//emxzoeBb84SW7etFMi/UQJZSPSg9sEcbD3IKAUU4DbZsz1rnPiydijHw X7eYWx3SoCx4wItsLT5n9eMFCGoyMp0zPebv8T7ipr/0dhe+R5MNKkKqmvBZOO10 MP9o3rm2VA0wUSHeNNhFlQHf/4cFWYXSeQGdq5/iemZcYY+/nEt56EX9iEoQX5dq AQ3eQ90nczZrOY3JSVtiJmv7btq19EcVDF54iqzKVdKis34305J77i+ZMVyYhMId cuWsv6ZgvdjfqLb8hYVE4IlXJZHATx5NKzAx1g5ZkeC/rbZCTLoEoBi+VV7caRxB 7ailjM5E5Qcd8f/nIQDq9ZkPKF8kKc5FlFW+K7FKO2YbVhcwqAodFosphRMc9G7j p98aTDjp7WC9if5QwgdiSdt3h2/hFRfRZd6otlk8ub8i/OT5pbvCBrCWPS8Q8Hr5 pLQ0SgUnyANBPhJiByg4Km+Rl/nzI0VbZqxb19zQeMJK+SJoEgYrhhzoR32ZCLs0 cqf5xnlaiXWwi2I7mTJP7RwWTnESXFBMW0IjhDW2UDqK26jSgjWjFPBb+4JKRk+M vkhVbxCoZo5wh5LoOQAD5u34ggsZliid6cs7nNWXg3Wvw1kxh+WTnReVnlD4tcV7 jWlMgVOgCucWXGYXauB1b2nUTAXq5f/gjaCOF/yTi0jVuqgW9tI=
    =zSO4
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)