Security update for dpkg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1205-1 Final 1 1 2017-05-08T11:07:17Z current 2017-05-08T11:07:17Z 2017-05-08T11:07:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpkg This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an 'old-style' Debian binary package, which triggered a stack-based buffer overflow (bsc#957160). This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00030.html E-Mail link for openSUSE-SU-2017:1205-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 dpkg-1.16.10-14.1 dpkg-devel-1.16.10-14.1 dpkg-lang-1.16.10-14.1 update-alternatives-1.16.10-14.1 dpkg-1.16.10-14.1 as a component of openSUSE Leap 42.1 dpkg-devel-1.16.10-14.1 as a component of openSUSE Leap 42.1 dpkg-lang-1.16.10-14.1 as a component of openSUSE Leap 42.1 update-alternatives-1.16.10-14.1 as a component of openSUSE Leap 42.1 Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. CVE-2015-0860 openSUSE Leap 42.1:dpkg-1.16.10-14.1 openSUSE Leap 42.1:dpkg-devel-1.16.10-14.1 openSUSE Leap 42.1:dpkg-lang-1.16.10-14.1 openSUSE Leap 42.1:update-alternatives-1.16.10-14.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00030.html https://www.suse.com/security/cve/CVE-2015-0860.html CVE-2015-0860 https://bugzilla.suse.com/957160 SUSE Bug 957160