Ubuntu 24.04 LTS / 25.10 : dpkg vulnerability (USN-8249-1)
The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8249-1 advisory. Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were trick...
PT-2026-39177
Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...
dpkg-1.22.22-1.1 on GA media (moderate)
dpkg-1.22.22-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10675-1. Rating: moderate. Cross-References: CVE-2026-2219. CVSS scores: CVE-2026-2219 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; CVE-2026-2219 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...
OPENSUSE-SU-2026:10675-1 dpkg-1.22.22-1.1 on GA media
These are all security issues fixed in the dpkg-1.22.22-1.1 package on the GA media of openSUSE Tumbleweed...
Astra Linux - vulnerability in dpkg
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory. This behavior is documented as being a safe operation even on untrusted data. This may result in temporary files being left behind during cleanup. Given...
Astra Linux - vulnerability in dpkg
In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...
ROOT-OS-DEBIAN-12-CVE-2025-6297 CVE-2025-6297 in rootio-dpkg - Patched by Root
Root has patched CVE-2025-6297 in the rootio-dpkg package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-2219 CVE-2026-2219 in rootio-dpkg - Patched by Root
Root has patched CVE-2026-2219 in the rootio-dpkg package for Root:Debian:12. Multiple fixed versions available...
SUSE-SU-2026:20795-1 Security update for dpkg
This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service (bsc#1259385)...
CVE-2026-2219
A flaw was found in dpkg-deb, a component of the Debian package management system. This vulnerability allows a local user to trigger a Denial of Service (DoS) by providing a specially crafted zstd-compressed .deb archive. The flaw occurs because dpkg-deb does not properly validate the end of the da...
EUVD-2026-10138
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
CVE-2026-2219
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
DEBIAN-CVE-2026-2219
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
dpkg-deb security vulnerability
dpkg-deb is a package manager in Linux developed by the Debian community. dpkg-deb has a security vulnerability that stems from improper validation of the end of the data stream when decompressing .deb archives compressed with zstd, which could lead to a denial-of-service attack...
TencentOS Server 4: dpkg (TSSA-2025:0522)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0522 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CLSA-2025-1760024944 Fix CVE(s): CVE-2025-6297
SECURITY UPDATE: Fix directory cleanup vulnerability - dpkg-deb/info.c: Fix cleanup for control member with restricted directories - Add treewalk to set proper permissions before removal for non-root users - CVE-2025-6297...