CVE-2017-8283 dpkg

Metadata

high
7.5
dpkg
CVE-2017-8283
2017-06-18 07:51
CVE-2017-8283
2017-06-16 19:22
2017-05-23 05:03
2017-05-18 12:03
2017-04-30 05:03
2017-04-27 05:03
2017-04-26 08:03

Description

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.

Affected package information

Release   Package   Patched in
buster    dpkg      1.18.24
jessie    dpkg      None
sid       dpkg      1.18.24
stretch   dpkg      1.18.24
wheezy    dpkg      None