ALT-PU-2015-1131-1
Closed vulnerabilities
Published: 2015-01-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Severity: MEDIUM (6.8)
References:
- FEDORA-2015-6974
- FEDORA-2015-6974
- [oss-security] 20141106 CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- [oss-security] 20141106 CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- [oss-security] 20141106 Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- [oss-security] 20141106 Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- [oss-security] 20141106 Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- [oss-security] 20141106 Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485
- https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
- https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
- dpkg-format-sting(98551)
- dpkg-format-sting(98551)