17 matches found
MGASA-2026-0144 Updated dpkg packages fix security vulnerabilities
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
Malicious code in gleaming_crow_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 505f911c5c2b2567a211ac4622b2b5ef94396b4b0132607297b5e59886e821e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
[SECURITY] Fedora 42 Update: python-pip-24.3.1-5.fc42
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...
OESA-2025-2287 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 3 Summary: A...
[SECURITY] Fedora 41 Update: dpkg-1.22.20-1.fc41
This package provides the low-level infrastructure for handling the installation and removal of Debian software packages. This package contains the tools (including dpkg-source) required to unpack, build and upload Debian source packages. This package also contains the programs dpkg which used to...
The vulnerability of the `gf_opus_parse_packet_header` function in the `media_tools/av_parsers.c` file, implemented by the MP4Box packaging tool for the GPAC multimedia platform, allows a hacker to cause a service failure.
The vulnerability of the `gf_opus_parse_packet_header` function in the `media_tools/av_parsers.c` file, belonging to the MP4Box packaging tool of the GPAC multimedia platform, is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause service...
The vulnerability of the `gf_opus_parse_packet_header` function in the `media_tools/av_parsers.c` file, implemented by the MP4Box packaging tool for the GPAC multimedia platform, allows a hacker to trigger a service failure.
The vulnerability of the `gf_opus_parse_packet_header` function in the `media_tools/av_parsers.c` file, belonging to the MP4Box packaging tool of the GPAC multimedia platform, is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability of the filein_process function in the in_file.c file of the MP4Box packaging tool for the GPAC multimedia platform, related to buffer overflow in the stack, allows an attacker to cause a service failure.
The vulnerability of the filein_process function in the MP4Box packaging tool of the GPAC multimedia platform is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
nFPM Security Vulnerability
nFPM is a GoReleaser open source simple deb, rpm and apk packaging program written in Go. There is a security vulnerability in nFPM that stems from the fact that anyone using nFPM to create packages without checking/setting file permissions prior to packaging can result in incorrect permissions o...
[SECURITY] Fedora 35 Update: pipenv-2021.5.29-7.fc35
The Python packaging tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages. I...
The vulnerability of the p_lx_elf.cpp component in the UPX executable file packaging mechanism, which involves reading data beyond the allowed buffer size, allows attackers to access confidential information and cause system failures.
The vulnerability of the p_lx_elf.cpp component in the UPX executable file packaging tool is related to reading data beyond the allowed buffer size. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service interruptions...
USN-4961-1 python-pip vulnerability
It was discovered that pip incorrectly handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...
DEBIAN-CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
USN-3863-1 apt vulnerability
Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...
UBUNTU-CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
BSDCPIO Symbolic Link Directory Traversal Vulnerability
BSDCPIO is a packaging tool. A directory traversal vulnerability exists in the BSDCPIO symbolic link, which allows an attacker to build malicious files and trick applications into processing them, which can be used to obtain sensitive information...
Security Update: [CSSA-2001-SCO.5] UnixWare: packaging tool exploits
Caldera International, Inc. Security Advisory Subject: UnixWare: packaging tool exploits Advisory number: CSSA-2001-SCO.5 Issue date: 2001 June 29 Cross reference: 1. Problem Description The...