Описание
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dpkg | fixed | 1.17.22 | package | |
| dpkg | fixed | 1.16.16 | wheezy | package |
| dpkg | not-affected | squeeze | package |
Примечания
Rendered non-exploitable by toolchain hardening
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2)
Связанные уязвимости
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.