CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 15.10 | 15.10.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| debian / dpkg | 1.17.14 | 1.17.14.x |
| debian / dpkg | 1.17.24 | 1.17.24.x |
| debian / dpkg | 1.16.0 | 1.16.0.x |
| debian / dpkg | 1.17.3 | 1.17.3.x |
| debian / dpkg | 1.17.11 | 1.17.11.x |
| debian / dpkg | 1.17.6 | 1.17.6.x |
| debian / dpkg | 1.17.7 | 1.17.7.x |
| debian / dpkg | 1.16.4.2 | 1.16.4.2.x |
| debian / dpkg | 1.16.4 | 1.16.4.x |
| debian / dpkg | 1.16.1.1 | 1.16.1.1.x |
| debian / dpkg | 1.16.5 | 1.16.5.x |
| debian / dpkg | 1.17.22 | 1.17.22.x |
| debian / dpkg | 1.17.18 | 1.17.18.x |
| debian / dpkg | 1.17.1 | 1.17.1.x |
| debian / dpkg | 1.16.11 | 1.16.11.x |
| debian / dpkg | 1.16.2 | 1.16.2.x |
| debian / dpkg | 1.16.1 | 1.16.1.x |
| debian / dpkg | 1.17.19 | 1.17.19.x |
| debian / dpkg | 1.17.23 | 1.17.23.x |
| debian / dpkg | 1.17.8 | 1.17.8.x |
| debian / dpkg | 1.16.8 | 1.16.8.x |
| debian / dpkg | 1.17.13 | 1.17.13.x |
| debian / dpkg | 1.16.6 | 1.16.6.x |
| debian / dpkg | 1.16.0.3 | 1.16.0.3.x |
| debian / dpkg | 1.17.4 | 1.17.4.x |
| debian / dpkg | 1.17.21 | 1.17.21.x |
| debian / dpkg | 1.17.25 | 1.17.25.x |
| debian / dpkg | 1.17.17 | 1.17.17.x |
| debian / dpkg | 1.16.12 | 1.16.12.x |
| debian / dpkg | 1.16.4.1 | 1.16.4.1.x |
| debian / dpkg | 1.16.3 | 1.16.3.x |
| debian / dpkg | 1.17.9 | 1.17.9.x |
| debian / dpkg | 1.17.15 | 1.17.15.x |
| debian / dpkg | 1.16.15 | 1.16.15.x |
| debian / dpkg | 1.16.1.2 | 1.16.1.2.x |
| debian / dpkg | 1.17.20 | 1.17.20.x |
| debian / dpkg | 1.16.7 | 1.16.7.x |
| debian / dpkg | 1.17.10 | 1.17.10.x |
| debian / dpkg | 1.16.9 | 1.16.9.x |
| debian / dpkg | 1.16.10 | 1.16.10.x |
| debian / dpkg | 1.17.12 | 1.17.12.x |
| debian / dpkg | 1.17.16 | 1.17.16.x |
| debian / dpkg | 1.17.0 | 1.17.0.x |
| debian / dpkg | 1.17.5 | 1.17.5.x |
| debian / dpkg | 1.16.0.2 | 1.16.0.2.x |
| debian / dpkg | 1.16.0.1 | 1.16.0.1.x |
| debian / dpkg | 1.16.4.3 | 1.16.4.3.x |
| debian / dpkg | 1.17.2 | 1.17.2.x |
- http://www.debian.org/security/2015/dsa-3407
- http://www.ubuntu.com/usn/USN-2820-1
- https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
- https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
- https://security.gentoo.org/glsa/201612-07
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime