{"id":"USN-2183-1","summary":"dpkg vulnerability","details":"Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when\nunpacking source packages. If a user or an automated system were tricked\ninto unpacking a specially crafted source package, a remote attacker could\nmodify files outside the target unpack directory, leading to a denial of\nservice or potentially gaining access to the system.\n","modified":"2026-04-22T08:48:58.371917Z","published":"2014-04-28T12:58:53Z","related":["UBUNTU-CVE-2014-0471"],"upstream":["CVE-2014-0471","UBUNTU-CVE-2014-0471"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2183-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0471"}],"affected":[{"package":{"name":"dpkg","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.5ubuntu5.1"}]}],"versions":["1.16.12ubuntu1","1.17.1ubuntu1","1.17.5ubuntu1","1.17.5ubuntu2","1.17.5ubuntu3","1.17.5ubuntu4","1.17.5ubuntu5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dpkg","binary_version":"1.17.5ubuntu5.1"},{"binary_name":"dselect","binary_version":"1.17.5ubuntu5.1"},{"binary_name":"libdpkg-perl","binary_version":"1.17.5ubuntu5.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2183-1.json","cves_map":{"cves":[{"id":"CVE-2014-0471","severity":[{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}