MGASA-2025-0204

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0204.html

Import Source

https://advisories.mageia.org/MGASA-2025-0204.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2025-0204

Related

CVE-2025-6297

Published

2025-07-11T18:52:28Z

Modified

2025-07-11T18:05:23Z

Summary

Updated dpkg packages fix security vulnerabilities

Details

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / dpkg

Package

Name: dpkg
Purl: pkg:rpm/mageia/dpkg?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.21-1.mga9

Ecosystem specific

{
    "section": "core"
}