===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2560
                           dpkg security update
                                26 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dpkg
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1664

Original Bulletin:
   http://www.debian.org/lts/security/2022/dla-3022

Comment: CVSS (Max):  None available when published

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3022-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
May 25, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : dpkg
Version        : 1.18.26
CVE ID         : CVE-2022-1664

Max Justicz reported a directory traversal vulnerability in
Dpkg::Source::Archive in dpkg, the Debian package management system.
This affects extracting untrusted source packages in the v2 and v3
source package formats that include a debian.tar.

For Debian 9 stretch, this problem has been fixed in version
1.18.26.

We recommend that you upgrade your dpkg packages.

For the detailed security status of dpkg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dpkg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
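
A triage check for the fixed version stated in the advisory above, added here as an example and not part of the AusCERT or Debian text: it flags Debian 9 stretch hosts whose dpkg is older than 1.18.26, using Debian's version ordering because plain string comparison ranks 1.18.9 above 1.18.26. The inventory rows, host names and the non-stretch entry are constructed; on a Debian host itself, `dpkg --compare-versions` performs the same comparison.

```python
import re
FIXED = "1.18.26"    # fixed version for Debian 9 stretch, per the advisory
RELEASE = "stretch"  # the only release this advisory gives a fix for

def _order(c):
    """Weight of one character inside a non-digit run (dpkg ordering)."""
    if c == "~":
        return -1  # '~' sorts before anything, including end of string
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for k in range(max(len(na), len(nb))):
            d = _order(na[k:k + 1]) - _order(nb[k:k + 1])
            if d:
                return d
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(a, b):
    """Negative, zero or positive as Debian version a is <, == or > b."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(inventory):
    """Map host -> 'vulnerable' | 'fixed' | 'not-covered'."""
    out = {}
    for host, release, version in inventory:
        if release != RELEASE:
            out[host] = "not-covered"  # the advisory gives no fix version for it
        else:
            out[host] = "vulnerable" if deb_cmp(version, FIXED) < 0 else "fixed"
    return out

# Constructed inventory: host names and versions are made up for the example.
SAMPLE = [("build-01", "stretch", "1.18.25"), ("build-02", "stretch", "1.18.26"),
          ("build-03", "stretch", "1.18.9"), ("mirror-01", "buster", "1.19.7")]
```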