138 matches found
USN-8109-1: Debian Goodies vulnerability
Jakub Wilk discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
CLSA-2026-1773411204 Update of alt-php
Move gpg key and repo installation from debian/install to postinst Add support for multiple deb platforms...
CVE-2026-2219
A flaw was found in dpkg-deb, a component of the Debian package management system. This vulnerability allows a local user to trigger a Denial of Service DoS by providing a specially crafted zstd-compressed .deb archive. The flaw occurs because dpkg-deb does not properly validate the end of the da...
EUVD-2026-10138
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
dpkg-deb 安全漏洞
dpkg-deb is a package manager in Linux developed by the Debian community. dpkg-deb has a security vulnerability that stems from improper validation of the end of the data stream when decompressing.deb archives compressed with zstd, which could lead to a denial-of-service attack...
SUSE-SU-2026:0631-1 Security update 5.1.2 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header...
Security update 5.1.2 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Backport security patches for Salt vendored tornado: CVE-2025-67724: missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fix DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fix HTTP header parameter parsing...
SUSE-SU-2026:0629-1 Security update 5.1.2 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Backport security patches for Salt vendored tornado: CVE-2025-67724: missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fix DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fix HTTP header parameter parsing...
CVE-2026-24846
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
CVE-2026-24846 malcontent's archive extraction could write outside extraction directory
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
Debian dla-4412 : libglib2.0-0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4412 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4412-1 [email protected]...
TencentOS Server 4: dpkg (TSSA-2025:0522)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0522 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CLSA-2025-1760024944 Fix CVE(s): CVE-2025-6297
SECURITY UPDATE: Fix directory cleanup vulnerability - dpkg-deb/info.c: Fix cleanup for control member with restricted directories - Add treewalk to set proper permissions before removal for non-root users - CVE-2025-6297...
EUVD-2021-14828
Malware in sbrugna...
EUVD-2015-0871
Malware in sbrugna...