dpkg-1.22.21-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16376 Final 1 1 2025-07-06T00:00:00Z current 2025-07-06T00:00:00Z 2025-07-06T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dpkg-1.22.21-1.1 on GA media These are all security issues fixed in the dpkg-1.22.21-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16376 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-6297/ SUSE CVE CVE-2025-6297 page openSUSE Tumbleweed dpkg-1.22.21-1.1 dpkg-devel-1.22.21-1.1 dpkg-lang-1.22.21-1.1 dpkg-1.22.21-1.1 as a component of openSUSE Tumbleweed dpkg-devel-1.22.21-1.1 as a component of openSUSE Tumbleweed dpkg-lang-1.22.21-1.1 as a component of openSUSE Tumbleweed It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. CVE-2025-6297 openSUSE Tumbleweed:dpkg-1.22.21-1.1 openSUSE Tumbleweed:dpkg-devel-1.22.21-1.1 openSUSE Tumbleweed:dpkg-lang-1.22.21-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6297.html CVE-2025-6297 https://bugzilla.suse.com/1245573 SUSE Bug 1245573