SUSE-SU-2026:20795-1 Security update for dpkg

This update for dpkg fixes the following issue: - CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service bsc1259385...

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

EUVD-2010-2804

Malware in sbrugna...

EUVD-2006-0345

Malware in sbrugna...

SUSE CVE-2019-13453

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32 and zipfile.cpp:Zipfile::Zipfile...

Important: golang

Issue Overview: A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A validation flaw was found in golang. When invoking functions from WASM modules built...

SUSE CVE-2011-1471

Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service CPU consumption via a malformed archive file that triggers errors in zipfread function calls...

SUSE CVE-2019-9923

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...

Design/Logic Flaw

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32 and zipfile.cpp:Zipfile::Zipfile...

UBUNTU-CVE-2019-13453

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32 and zipfile.cpp:Zipfile::Zipfile...

SUSE-SU-2019:0926-1 Security update for tar

This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in paxdecodeheader bsc1130496. - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file...

Ubuntu 16.04 LTS : P7ZIP vulnerabilities (USN-3913-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3913-1 advisory. It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially...

CVE-2019-9923

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...

CVE-2019-9923

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...

CVE-2019-9923

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...

USN-3913-1: P7ZIP vulnerabilities

It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to abitrary code execution...

USN-3913-1 p7zip vulnerabilities

It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to abitrary code execution...

USN-3736-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10209, CVE-2016-10349, CVE-2016-10350 Agostino Sarubbo discovered tha...