Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Mageia 9 dpkg Critical Denial of Service Advisory MGASA-2026-0144

mageia
Calendar Grey May 16, 2026
Dist Mageia Esm H88
Critical advisory for Mageia 9 addressing dpkg security flaws that may lead to denial of service. Immediate action required.
MGASA-2026-0144 - Updated dpkg packages fix security vulnerabilities

Summary

Description: It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

References

- https://bugs.mageia.org/show_bug.cgi?id=35489

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3QFBK2ZJ4T5BTAWBSDBQLVRZQKJEAJEX/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2219

Resolution

SRPMS

- 9/core/dpkg-1.22.22-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 16 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0144.html
Type: security
CVE: CVE-2026-2219

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here