Dpkg parse_error_msg Function Format String Vulnerability
Release date:
Updated on:
Affected Systems:
Debian dpkg 1.16.13
Description:
CVE (CAN) ID: CVE-2014-8625
Dpkg is the package management system developed for Debian to handle software installation, update, and removal.
In dpkg versions earlier than 1.17.22, the parse_error_msg function in parsehelp.c has multiple format string vulnerabilities. Remote attackers can exploit them to cause a denial of service or execute arbitrary code via format string specifiers in the package or architecture name.
<* Source: vendor
Link: http://xforce.iss.net/xforce/xfdb/98551
*>
Suggestion:
Vendor patch:
Debian
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://packages.debian.org/search?keywords=dpkg
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485
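The bug class described above, shown as an added example that is not dpkg's own code: an untrusted name is copied into a buffer that is later reused as a printf format, next to a hardened variant that escapes '%' first. The names report, prefix_bad, prefix_safe and live_directives, and the input "evil%s", are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
static char last_msg[512];  /* output of the hypothetical printf-style sink */
static void report(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof(last_msg), fmt, ap);
    va_end(ap);
}

/* Vulnerable: the untrusted name lands in a buffer later used as a format. */
static const char *prefix_bad(const char *pkg, const char *fmt)
{
    static char buf[512];
    snprintf(buf, sizeof(buf), "package '%.100s': %s", pkg, fmt);
    return buf;
}

/* Hardened: double every '%' in the name so it can only print literally. */
static const char *prefix_safe(const char *pkg, const char *fmt)
{
    static char buf[512], esc[201];
    size_t j = 0;
    for (size_t i = 0; pkg[i] != '\0' && j + 2 < sizeof(esc); i++) {
        if (pkg[i] == '%') esc[j++] = '%';
        esc[j++] = pkg[i];
    }
    esc[j] = '\0';
    snprintf(buf, sizeof(buf), "package '%s': %s", esc, fmt);
    return buf;
}

/* Count live conversion directives in a format ("%%" is a literal '%'). */
static int live_directives(const char *fmt)
{
    int n = 0;
    for (; *fmt != '\0'; fmt++)
        if (fmt[0] == '%' && fmt[1] == '%') fmt++;
        else if (fmt[0] == '%' && fmt[1] != '\0') n++;
    return n;
}

int main(void)
{
    report(prefix_safe("evil%s", "bad field '%s'"), "Version");
    puts(last_msg);  /* the constructed name prints literally */
    return live_directives(prefix_bad("evil%s", "bad field '%s'")) != 2;
}
```

A directive count higher than the number of arguments the caller passes is the condition that makes the vulnerable form dangerous; the escaped form keeps the count equal to what the caller intended.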