Ubuntu alert USN-7768-1 (dpkg)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7768-1] dpkg vulnerability | |
| Date: | Wed, 24 Sep 2025 16:19:08 +0000 | |
| Message-ID: | <E1v1SCy-00032N-BG@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7768-1 September 24, 2025 dpkg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: dpkg could be made to consume disk space if it opened a specially crafted file. Software Description: - dpkg: Debian package management system Details: It was discovered that dpkg incorrectly handled removing certain temporary directories. An attacker could possibly use this issue to consume disk space, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 dpkg 1.22.18ubuntu2.2 libdpkg-perl 1.22.18ubuntu2.2 Ubuntu 24.04 LTS dpkg 1.22.6ubuntu6.5 libdpkg-perl 1.22.6ubuntu6.5 Ubuntu 22.04 LTS dpkg 1.21.1ubuntu2.6 libdpkg-perl 1.21.1ubuntu2.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7768-1 CVE-2025-6297 Package Information: https://launchpad.net/ubuntu/+source/dpkg/1.22.18ubuntu2.2 https://launchpad.net/ubuntu/+source/dpkg/1.22.6ubuntu6.5 https://launchpad.net/ubuntu/+source/dpkg/1.21.1ubuntu2.6
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjUGcQACgkQcpJm3tlz hgFreQ/+IXjnY0/VKNIIPrXpXg6QObGnW1y/NMwFAkqJILGZ1OQ2mA3fjraqPdBJ oE89fQ2Aos0NuzXJ+LkYLZC8Yu8cXbnb+GdzeO079E0vlri57wWnHih7R8bmxG80 o3L4MU+Cy43McTX9szIwFz+TiRhJTOP08zuTkl9LjQgu7IThZaiG7rPtcT26/FSF KDWXv74Qhnwgwg8WC8fxwOY8sxv8aB+I7365Nw0ZtrSzxupx50UIxWBvYrzIZ0RR k3BAE2jSsYCi00itpjZELUqlSUYUSZ5zpVUO/jZ/9hsnIrsf8U9i7qMzrQVFVZuC YO6AC97uLZq0WTNwUZe7Ne6lQkgchU9h//C/9fSoqsvUXMDlZpqtP24pS3nJFfap MdqgznGvH2eucfT3A50MZETCopa9Dpwv+AZ2ClElKkapXps1znkJTt82k0v+OBih t5TCHmwtVD3GLjwJ2Xs208d1eOf3tEx1XimckDAmvkl65CZhAYZlyLwM2pdNnK2t WxjWlSvgghKte+S5hPNHC90fP8u1JNr+h5bGoYWj1uGQRiUCHV70ANLIUP55+Cju k2FH60cpNjiAxG9zIvvyP9bsaitNw9qoYQiyXIcV677hKiUXpRcaAIn0YYR2XexK o5v/iyjaPes+K9AyRXx+ncRTOy67apD1bmPeaTltc0Np5GPCzIc= =cTHy -----END PGP SIGNATURE-----