CVE-2015-0840

Related Files

Ubuntu Security Notice USN-2566-1

Posted Apr 10, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2566-1 - Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

tags | advisory, remote, local

systems | linux, ubuntu

advisories | CVE-2015-0840

SHA-256 | 6cf9f3e41298a6212ac8a4bcd8c602d537ac9410e0524b541502765d10e1b336

Download | Favorite | View

Debian Security Advisory 3217-1

Posted Apr 9, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3217-1 - Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

tags | advisory, local

systems | linux, debian

advisories | CVE-2015-0840

SHA-256 | 66567458b5c55f0422e2fb70b36cadea666fe817ca19700b553c62b88cca0cbf

Download | Favorite | View