Security update for dpkg SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02734-1 Final 1 1 2025-08-08T08:05:13Z current 2025-08-08T08:05:13Z 2025-08-08T08:05:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpkg This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/bci-init:15.6-2025-2734,Container bci/openjdk:latest-2025-2734,Container bci/php-apache:latest-2025-2734,Container bci/php-fpm:latest-2025-2734,Container bci/python:3-2025-2734,Container bci/python:latest-2025-2734,Container bci/ruby:latest-2025-2734,Container bci/rust:1.87-2025-2734,Container bci/rust:latest-2025-2734,Container bci/spack:latest-2025-2734,Container containers/milvus:2.4-2025-2734,Container containers/ollama:0-2025-2734,Container containers/open-webui-pipelines:0-2025-2734,Container containers/open-webui:0-2025-2734,Container containers/pytorch:2-nvidia-2025-2734,Container private-registry/harbor-db:latest-2025-2734,Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest-2025-2734,Container suse/kiosk/firefox-esr:latest-2025-2734,Container suse/kiosk/pulseaudio:latest-2025-2734,Container suse/kiosk/xorg-client:latest-2025-2734,Container suse/kiosk/xorg:latest-2025-2734,Container suse/kubectl:1.31-2025-2734,Container suse/manager/4.3/proxy-httpd:latest-2025-2734,Container suse/manager/4.3/proxy-tftpd:latest-2025-2734,Container suse/rmt-server:latest-2025-2734,Container suse/sle-micro-rancher/5.2:latest-2025-2734,Container suse/sle-micro-rancher/5.3:latest-2025-2734,Container suse/sle-micro-rancher/5.4:latest-2025-2734,Container suse/sle-micro/5.1/toolbox:latest-2025-2734,Container suse/sle-micro/5.2/toolbox:latest-2025-2734,Container suse/sle-micro/5.3/toolbox:latest-2025-2734,Container suse/sle-micro/5.4/toolbox:latest-2025-2734,Container suse/sle-micro/5.5/toolbox:latest-2025-2734,Container suse/sle-micro/5.5:latest-2025-2734,Container suse/sle-micro/base-5.5:latest-2025-2734,Container suse/sle-micro/kvm-5.5:latest-2025-2734,Container suse/sle-micro/rt-5.5:latest-2025-2734,SUSE-2025-2734,SUSE-SLE-Micro-5.3-2025-2734,SUSE-SLE-Micro-5.4-2025-2734,SUSE-SLE-Micro-5.5-2025-2734,SUSE-SLE-Module-Basesystem-15-SP6-2025-2734,SUSE-SLE-Module-Basesystem-15-SP7-2025-2734,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2734,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2734,SUSE-SUSE-MicroOS-5.1-2025-2734,SUSE-SUSE-MicroOS-5.2-2025-2734,openSUSE-SLE-15.6-2025-2734 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502734-1/ Link for SUSE-SU-2025:02734-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041153.html E-Mail link for SUSE-SU-2025:02734-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1245573 SUSE Bug 1245573 https://www.suse.com/security/cve/CVE-2025-6297/ SUSE CVE CVE-2025-6297 page Container bci/bci-init:15.6 Container bci/openjdk:latest Container bci/php-apache:latest Container bci/php-fpm:latest Container bci/python:3 Container bci/python:latest Container bci/ruby:latest Container bci/rust:1.87 Container bci/rust:latest Container bci/spack:latest Container containers/milvus:2.4 Container containers/ollama:0 Container containers/open-webui-pipelines:0 Container containers/open-webui:0 Container containers/pytorch:2-nvidia Container private-registry/harbor-db:latest Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container suse/kiosk/firefox-esr:latest Container suse/kiosk/pulseaudio:latest Container suse/kiosk/xorg-client:latest Container suse/kiosk/xorg:latest Container suse/kubectl:1.31 Container suse/manager/4.3/proxy-httpd:latest Container suse/manager/4.3/proxy-tftpd:latest Container suse/rmt-server:latest Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.1/toolbox:latest Container suse/sle-micro/5.2/toolbox:latest Container suse/sle-micro/5.3/toolbox:latest Container suse/sle-micro/5.4/toolbox:latest Container suse/sle-micro/5.5/toolbox:latest Container suse/sle-micro/5.5:latest Container suse/sle-micro/base-5.5:latest Container suse/sle-micro/kvm-5.5:latest Container suse/sle-micro/rt-5.5:latest SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Development Tools 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP7 openSUSE Leap 15.6 update-alternatives-1.19.0.4-150000.4.7.1 dpkg-1.19.0.4-150000.4.7.1 dpkg-devel-1.19.0.4-150000.4.7.1 dpkg-lang-1.19.0.4-150000.4.7.1 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/bci-init:15.6 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/openjdk:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/php-apache:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/php-fpm:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/python:3 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/python:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/ruby:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/rust:1.87 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/rust:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container bci/spack:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container containers/milvus:2.4 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container containers/ollama:0 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container containers/open-webui-pipelines:0 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container containers/open-webui:0 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container containers/pytorch:2-nvidia update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container private-registry/harbor-db:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/kiosk/firefox-esr:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/kiosk/pulseaudio:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/kiosk/xorg-client:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/kiosk/xorg:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/kubectl:1.31 update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/manager/4.3/proxy-httpd:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/manager/4.3/proxy-tftpd:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/rmt-server:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro-rancher/5.2:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro-rancher/5.3:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro-rancher/5.4:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.1/toolbox:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.2/toolbox:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.3/toolbox:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.4/toolbox:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.5/toolbox:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/5.5:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/base-5.5:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/kvm-5.5:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of Container suse/sle-micro/rt-5.5:latest update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Micro 5.1 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Micro 5.2 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Micro 5.3 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Micro 5.4 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Micro 5.5 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 update-alternatives-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 dpkg-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 dpkg-devel-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 dpkg-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 dpkg-devel-1.19.0.4-150000.4.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 dpkg-1.19.0.4-150000.4.7.1 as a component of openSUSE Leap 15.6 dpkg-devel-1.19.0.4-150000.4.7.1 as a component of openSUSE Leap 15.6 dpkg-lang-1.19.0.4-150000.4.7.1 as a component of openSUSE Leap 15.6 update-alternatives-1.19.0.4-150000.4.7.1 as a component of openSUSE Leap 15.6 It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. CVE-2025-6297 Container bci/bci-init:15.6:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/openjdk:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/php-apache:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/php-fpm:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/python:3:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/python:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/ruby:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/rust:1.87:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/rust:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container bci/spack:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container containers/milvus:2.4:update-alternatives-1.19.0.4-150000.4.7.1 Container containers/ollama:0:update-alternatives-1.19.0.4-150000.4.7.1 Container containers/open-webui-pipelines:0:update-alternatives-1.19.0.4-150000.4.7.1 Container containers/open-webui:0:update-alternatives-1.19.0.4-150000.4.7.1 Container containers/pytorch:2-nvidia:update-alternatives-1.19.0.4-150000.4.7.1 Container private-registry/harbor-db:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/kiosk/firefox-esr:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/kiosk/pulseaudio:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/kiosk/xorg-client:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/kiosk/xorg:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/kubectl:1.31:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/manager/4.3/proxy-httpd:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/manager/4.3/proxy-tftpd:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/rmt-server:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro-rancher/5.2:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro-rancher/5.3:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro-rancher/5.4:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.1/toolbox:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.2/toolbox:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.3/toolbox:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.4/toolbox:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.5/toolbox:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/5.5:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/base-5.5:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/kvm-5.5:latest:update-alternatives-1.19.0.4-150000.4.7.1 Container suse/sle-micro/rt-5.5:latest:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Micro 5.4:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Micro 5.5:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:update-alternatives-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:dpkg-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:dpkg-devel-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:dpkg-1.19.0.4-150000.4.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:dpkg-devel-1.19.0.4-150000.4.7.1 openSUSE Leap 15.6:dpkg-1.19.0.4-150000.4.7.1 openSUSE Leap 15.6:dpkg-devel-1.19.0.4-150000.4.7.1 openSUSE Leap 15.6:dpkg-lang-1.19.0.4-150000.4.7.1 openSUSE Leap 15.6:update-alternatives-1.19.0.4-150000.4.7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502734-1/ https://www.suse.com/security/cve/CVE-2025-6297.html CVE-2025-6297 https://bugzilla.suse.com/1245573 SUSE Bug 1245573