CVE-2010-0396

Name of the Vulnerable Software and Affected Versions dpkg versions prior to 1.14.29

Description A directory traversal issue exists in the dpkg-source component, allowing remote attackers to modify arbitrary files via a crafted Debian source archive. Multiple vulnerabilities in the dpkg-dev package may lead to disruption of integrity and availability of protected information, and exploitation can be done remotely.

Recommendations For versions prior to 1.14.29, update to version 1.14.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the dpkg-source component until a patch is available. Avoid using crafted Debian source archives in the affected dpkg versions to minimize the risk of exploitation.