CVE-2015-0840

dpkg < 1.16.16 and 1.17.x < 1.17.25 - Improper Access Control via Crafted Debian Source Control File

Title source: llm

Description

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

References (4)

Core References
Patch vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2566-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3217

Scores

EPSS 0.0184
EPSS Percentile 76.4%

Details

CWE
CWE-284
Status published
Products (30)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
debian/dpkg 1.17.0
debian/dpkg 1.17.1
debian/dpkg 1.17.2
debian/dpkg 1.17.3
debian/dpkg 1.17.4
debian/dpkg 1.17.5
... and 20 more
Published Apr 13, 2015
Tracked Since Feb 18, 2026