Wind River Support Network


LIN6-7417 : Security Advisory - dpkg - CVE-2014-3127

Created: May 15, 2014    Updated: Dec 3, 2018
Resolved Date: Jun 5, 2014
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


dpkg 1.17.x before 1.17.9, 1.16.x before 1.16.14, and 1.15.x before 1.15.10 for Debian squeeze and wheezy supports C-style encoded filenames while the patch program does not, which introduces an interaction error that allows attackers to conduct directory traversal attacks and create files outside of the intended directories via a crafted package.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-0471.

Other Downloads

Live chat