|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2011-1 (dpkg)|
|Summary:||Debian Security Advisory DSA 2011-1 (dpkg)|
The remote host is missing an update to dpkg
announced via advisory DSA 2011-1.
William Grant discovered that the dpkg-source component of dpkg, the
low-level infrastructure for handling the installation and removal of
Debian software packages, is vulnerable to path traversal attacks.
A specially crafted Debian source package can lead to file modification
outside of the destination directory when extracting the package content.
For the stable distribution (lenny), this problem has been fixed in
For the testing (squeeze) and unstable (sid) distribution this problem
will be fixed soon.
We recommend that you upgrade your dpkg packages.
Common Vulnerability Exposure (CVE) ID: CVE-2010-0396|
Debian Security Information: DSA-2011 (Google Search)
XForce ISS Database: dpkg-dpkgsource-dir-traversal(56887)
|Copyright||Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com|
|This is only one of 49323 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.