Advisories » MGASA-2015-0482

Updated dpkg packages fix CVE-2015-0860

Publication date: 23 Dec 2015
Modification date: 23 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-0860

Description

Updated dpkg packages fix security vulnerability:

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component
of dpkg. This flaw could potentially lead to arbitrary code execution if a user
or an automated system were tricked into processing a specially crafted Debian
binary package (.deb) in the old style Debian binary package format
(CVE-2015-0860).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17239
• https://www.debian.org/security/2015/dsa-3407
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0860

SRPMS

5/core

• dpkg-1.17.26-1.mga5