CVE-2017-8283

Name of the Vulnerable Software and Affected Versions dpkg versions 1.3.0 through 1.18.23

Description The issue allows remote attackers to conduct directory traversal attacks via a crafted Debian source package. This is possible because dpkg-source in dpkg does not offer a protection mechanism for blank-indented diff hunks when using a non-GNU patch program.

Recommendations For versions 1.3.0 through 1.18.23, consider updating to a version that includes a fix for this issue, as using a non-GNU patch program without proper protection mechanisms poses a significant risk. As a temporary workaround, restrict the use of dpkg-source with non-GNU patch programs to minimize the risk of exploitation.