Debian alert DLA-3022-1 (dpkg)
From: Salvatore Bonaccorso <carnil@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3022-1] dpkg security update
Date: Wed, 25 May 2022 15:46:54 +0000
Message-ID: <E1nttDq-0008Ow-KK@seger.debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3022-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
May 25, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : dpkg
Version        : 1.18.26
CVE ID         : CVE-2022-1664

Max Justicz reported a directory traversal vulnerability in
Dpkg::Source::Archive in dpkg, the Debian package management system.
This affects extracting untrusted source packages in the v2 and v3
source package formats that include a debian.tar.

For Debian 9 stretch, this problem has been fixed in version
1.18.26.

We recommend that you upgrade your dpkg packages.

For the detailed security status of dpkg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dpkg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS