CVE-2015-0840
First published: Mon Apr 13 2015(Updated: )
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| dpkg-dev | <=1.16.15 | |
| dpkg-dev | =1.17.0 | |
| dpkg-dev | =1.17.1 | |
| dpkg-dev | =1.17.2 | |
| dpkg-dev | =1.17.3 | |
| dpkg-dev | =1.17.4 | |
| dpkg-dev | =1.17.5 | |
| dpkg-dev | =1.17.6 | |
| dpkg-dev | =1.17.7 | |
| dpkg-dev | =1.17.8 | |
| dpkg-dev | =1.17.9 | |
| dpkg-dev | =1.17.10 | |
| dpkg-dev | =1.17.11 | |
| dpkg-dev | =1.17.12 | |
| dpkg-dev | =1.17.13 | |
| dpkg-dev | =1.17.14 | |
| dpkg-dev | =1.17.15 | |
| dpkg-dev | =1.17.16 | |
| dpkg-dev | =1.17.17 | |
| dpkg-dev | =1.17.18 | |
| dpkg-dev | =1.17.19 | |
| dpkg-dev | =1.17.20 | |
| dpkg-dev | =1.17.21 | |
| dpkg-dev | =1.17.22 | |
| dpkg-dev | =1.17.23 | |
| dpkg-dev | =1.17.24 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0840?
CVE-2015-0840 is classified as a medium severity vulnerability due to its potential to allow remote attackers to bypass signature verification.
How do I fix CVE-2015-0840?
To fix CVE-2015-0840, you should upgrade Debian dpkg to version 1.16.16 or later, or 1.17.x to 1.17.25 or later.
What versions of Debian dpkg are affected by CVE-2015-0840?
CVE-2015-0840 affects Debian dpkg versions prior to 1.16.16 and specific 1.17.x versions before 1.17.25.
What is the nature of the vulnerability in CVE-2015-0840?
CVE-2015-0840 allows attackers to bypass signature verification through a crafted Debian source control file (.dsc).
Is CVE-2015-0840 specific to certain operating systems?
Yes, CVE-2015-0840 primarily affects Debian and Ubuntu Linux distributions using the affected versions of dpkg.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/dpkg-dev
- version/dpkg-dev/1.16.15
- version/dpkg-dev/1.17.0
- version/dpkg-dev/1.17.1
- version/dpkg-dev/1.17.2
- version/dpkg-dev/1.17.3
- version/dpkg-dev/1.17.4
- version/dpkg-dev/1.17.5
- version/dpkg-dev/1.17.6
- version/dpkg-dev/1.17.7
- version/dpkg-dev/1.17.8
- version/dpkg-dev/1.17.9
- version/dpkg-dev/1.17.10
- version/dpkg-dev/1.17.11
- version/dpkg-dev/1.17.12
- version/dpkg-dev/1.17.13
- version/dpkg-dev/1.17.14
- version/dpkg-dev/1.17.15
- version/dpkg-dev/1.17.16
- version/dpkg-dev/1.17.17
- version/dpkg-dev/1.17.18
- version/dpkg-dev/1.17.19
- version/dpkg-dev/1.17.20
- version/dpkg-dev/1.17.21
- version/dpkg-dev/1.17.22
- version/dpkg-dev/1.17.23
- version/dpkg-dev/1.17.24
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/14.10