MGASA-2026-0116 Updated opam packages fix security vulnerability

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...

FreeBSD : devel/ocaml-opam -- CWE-24 Path Traversal: '../filedir' (9b5d6fbb-4893-11f1-82bf-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9b5d6fbb-4893-11f1-82bf-3c7c3fba4204 advisory. https://github.com/ocaml/opam/releases/tag/2.5.1 reports: In OCaml opam before 2.5.1, a .install field...

SUSE CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

A flaw was found in OCaml opam. A malicious package containing a crafted .install field with directory traversal sequences allows an attacker to write files to arbitrary locations, potentially overwriting system files and causing arbitrary code execution. Mitigation To mitigate this vulnerability...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

UBUNTU-CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

EUVD-2026-23288

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

OCaml opam before 2.5.1 is affected: a .install field containing a destination filepath can traverse to a parent directory via ../, enabling potential path traversal. The issue is fixed in opam 2.5.1 (see OCaml/opam release 2.5.1). Affected component: opam’s packaging/install logic; root cause: i...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

PT-2026-33355

Name of the Vulnerable Software and Affected Versions opam versions prior to 2.5.1 Description A directory traversal issue exists where a .install field containing a destination filepath can use ../ to reach a parent directory. Recommendations Update to version 2.5.1...