{"id":"USN-2183-2","summary":"dpkg vulnerability","details":"USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered\nthat the fix introduced a vulnerability in releases with an older version\nof the patch utility. This update fixes the problem.\n\nOriginal advisory details:\n\n Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when\n unpacking source packages. If a user or an automated system were tricked\n into unpacking a specially crafted source package, a remote attacker could\n modify files outside the target unpack directory, leading to a denial of\n service or potentially gaining access to the system.\n","modified":"2026-04-22T08:48:48.470434Z","published":"2014-05-01T14:19:26Z","related":["UBUNTU-CVE-2014-0471","UBUNTU-CVE-2014-3127"],"upstream":["CVE-2014-0471","UBUNTU-CVE-2014-0471"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2183-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0471"}],"affected":[{"package":{"name":"dpkg","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.5ubuntu5.2"}]}],"versions":["1.16.12ubuntu1","1.17.1ubuntu1","1.17.5ubuntu1","1.17.5ubuntu2","1.17.5ubuntu3","1.17.5ubuntu4","1.17.5ubuntu5","1.17.5ubuntu5.1"],"ecosystem_specific":{"binaries":[{"binary_name":"dpkg","binary_version":"1.17.5ubuntu5.2"},{"binary_name":"dselect","binary_version":"1.17.5ubuntu5.2"},{"binary_name":"libdpkg-perl","binary_version":"1.17.5ubuntu5.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2183-2.json"}}],"schema_version":"1.7.5"}