ALT Linux Team

Branch sisyphus update on 2015-04-24

2015-04-24

ALT-BU-2015-2425-1

Branch sisyphus update bulletin.

ALT-PU-2015-1397-1

Package parallel updated to version 20150422-alt1 for branch sisyphus in task 143475.

Closed vulnerabilities

Published: 2015-06-02
Modified: 2025-04-12

CVE-2015-4155

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
References:
Published: 2015-06-02
Modified: 2025-04-12

CVE-2015-4156

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
References:

ALT-PU-2015-1399-1

Package dpkg updated to version 1.17.25-alt1 for branch sisyphus in task 143500.

Closed vulnerabilities

Published: 2015-04-13
Modified: 2025-04-12

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2017-04-26
Modified: 2025-04-20

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top