A flaw was found dpkg which allows an attacker to perform a directory traversal by extracting with "dpkg-deb --raw-extract" a crafted .deb file with a /DEBIAN symlink Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879982 Patch: https://anonscm.debian.org/cgit/dpkg/dpkg.git/diff/?id=5003d76
Created dpkg tracking bugs for this issue: Affects: epel-all [bug 1537794] Affects: fedora-all [bug 1537793]