USN-8256-1 opam vulnerability

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

[SECURITY] Fedora 43 Update: opam-2.5.1-1.fc43

Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...

opam 安全漏洞

OPAM is an open-source source code manager for the OCaml language developed by OCaml. Versions of OPAM prior to 2.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability to access parent directories using "../ in the .install field, which could lead to path traversa...

Linux Distros Unpatched Vulnerability : CVE-2026-41082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082 Note that Nessus relies o...