Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.17.5ubuntu5.5", "binary_name": "dpkg" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "dpkg-dbgsym" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "dpkg-dev" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "dselect" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "dselect-dbgsym" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "libdpkg-dev" }, { "binary_version": "1.17.5ubuntu5.5", "binary_name": "libdpkg-perl" } ] }