17 matches found
Updated dpkg packages fix security vulnerabilities
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service: an infinite loop spinning the CPU...
EUVD-2026-10138
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service: an infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service: an infinite loop spinning the CPU...
UBUNTU-CVE-2026-2219
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service: an infinite loop spinning the CPU...
CVE-2026-2219
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service: an infinite loop spinning the CPU...
SUSE-SU-2025:20670-1 Security update for dpkg
This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed cleanup for control member with restricted directories (bsc#1245573)...
ROS-20250904-10
A vulnerability in the dpkg-deb command-line utility, included in the dpkg package, is related to how the package manager handles temporary files when extracting them to a temporary directory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
Linux Distros Unpatched Vulnerability : CVE-2014-8625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service...
SUSE-SU-2025:02734-1 Security update for dpkg
This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS (bsc#1245573)...
dpkg-deb security vulnerability
dpkg-deb is a package manager in Linux from the Debian community. A security vulnerability exists in dpkg-deb that stems from improperly cleaned directory permissions and could lead to a denial of service attack...
AZL-9853 CVE-2022-1664 affecting package dpkg for versions less than 1.20.10-1
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
dpkg path traversal vulnerability
dpkg is a package management tool for Debian. A path traversal vulnerability exists in dpkg, which stems from a directory traversal issue. The following products and versions are affected: 1.21.8, 1.20.10, 1.19.8, 1.18.26...
apt input validation error vulnerability
apt is a command-line package manager from the Debian project that provides package search, management, and information query functionality. APT has an input validation error vulnerability that stems from APT incorrectly processing certain software packages. A local attacke...
dpkg directory traversal vulnerability (CNVD-2017-06898)
dpkg is a package management system developed specifically for Debian to facilitate the installation, update and removal of software. dpkg's unpacking feature is vulnerable to directory traversal. A remote attacker can exploit this...
DEBIAN-CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
DSA-3217-1 dpkg - security update
Bulletin has no description...
USN-2242-1 dpkg vulnerabilities
It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service...