==========================================================================
Ubuntu Security Notice USN-8256-1
May 07, 2026

opam vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

opam could be made to install files in unintended locations if it
installed a specially crafted package.

Software Description:
- opam: package manager for OCaml

Details:

Andrew Nesbitt discovered that opam did not properly validate file
destination paths in package install files. An attacker could use this
issue to bypass sandbox protections and write files to arbitrary
locations, possibly leading to arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  opam            2.5.0-1ubuntu0.1~esm1             Available with Ubuntu Pro
  opam-installer  2.5.0-1ubuntu0.1~esm1             Available with Ubuntu Pro

Ubuntu 25.10
  opam            2.3.0-1+deb13u1build0.25.10.1
  opam-installer  2.3.0-1+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
  opam            2.1.5-1ubuntu0.1~esm2             Available with Ubuntu Pro
  opam-installer  2.1.5-1ubuntu0.1~esm2             Available with Ubuntu Pro

Ubuntu 22.04 LTS
  opam            2.1.2-1+deb12u1build0.22.04.1
  opam-installer  2.1.2-1+deb12u1build0.22.04.1

Ubuntu 20.04 LTS
  opam            2.0.5-1ubuntu1+esm1               Available with Ubuntu Pro
  opam-installer  2.0.5-1ubuntu1+esm1               Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8256-1
  CVE-2026-41082

Package Information:
  https://launchpad.net/ubuntu/+source/opam/2.3.0-1+deb13u1build0.25.10.1
  https://launchpad.net/ubuntu/+source/opam/2.1.2-1+deb12u1build0.22.04.1

opam in Ubuntu has a significant flaw that may allow unintended file installations, leading to potential code execution risks.

Severity: Important. LinuxSecurity.com Team

MGASA-2026-0116 - Updated opam packages fix security vulnerability

Publication date: 07 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0116.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-41082

Description:

In OCaml opam before 2.5.1, a .install field containing a destination
filepath can use ../ to reach a parent directory. (CVE-2026-41082)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35405
- https://lists.debian.org/debian-security-announce/2026/msg00126.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41082

SRPMS:
- 9/core/opam-2.1.3-1.1.mga9

Updated opam packages for Mageia address security risks in OCaml library on version 9.

Severity: Important.

openSUSE Security Update: Security update for ocaml-patch, opam
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2026:0145-1
Rating:             moderate
References:         #1262281
Cross-References:   CVE-2026-41082
CVSS scores:
                    CVE-2026-41082 (SUSE): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ocaml-patch, opam fixes the following issues:

Changes in opam:

- Update to version 2.5.1 (CVE-2026-41082 boo#1262281)
  see included CHANGES file for details
- Update to version 2.5.0
  see included CHANGES file for details
- Update to version 2.4.1
  see included CHANGES file for details
- Update to version 2.4.0
  see included CHANGES file for details

Changes in ocaml-patch:

- Relax requirement for ocaml-rpm-macros, remove ExclusiveArch
- Update to version 3.1.0
  see included CHANGES.md file for details
- Initial version 3.0.0

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

    zypper in -t patch openSUSE-2026-145=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

    ocaml-patch-3.1.0-bp157.2.1
    ocaml-patch-debuginfo-3.1.0-bp157.2.1
    ocaml-patch-devel-3.1.0-bp157.2.1

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

    opam-2.5.1-bp157.2.3.1
    opam-devel-2.5.1-bp157.2.3.1
    opam-installer-2.5.1-bp157.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2026-41082.html
  https://bugzilla.suse.com/1262281

This security update addresses a moderate threat to openSUSE's opam and ocaml-patch applications. Install recommended patches.

Debian LTS Advisory DLA-4541-1

Andrew Nesbitt discovered that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. This could result in directory traversal out of the package area.

For Debian 11 bullseye, this problem has been fixed in version 2.0.8-1+deb11u1.

# opam-2.5.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10568-1
Rating: moderate

Cross-References:

* CVE-2026-41082

CVSS scores:

* CVE-2026-41082 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-41082 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the opam-2.5.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * opam 2.5.1-1.1
  * opam-devel 2.5.1-1.1
  * opam-installer 2.5.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41082.html

opam 2.5.1-1.1 on openSUSE Tumbleweed resolves a security issue with moderate severity. Install the update now.
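
The Mageia and Debian descriptions above name the condition precisely: a `.install` destination that uses `../` to leave its directory. The following is an added example, not code from opam or from any of the advisories: a lexical audit of a `.install` file before a package is installed. The sample file, the function names and the treatment of the `misc` section are assumptions.

```python
import posixpath
import re

# Constructed sample .install file (not taken from any advisory).
# Each entry is "source" {"destination"}; the destination is optional and
# is interpreted relative to the section's install directory.
SAMPLE_INSTALL = '''
bin: [
  "_build/tool.exe" {"tool"}
  "_build/helper.sh" {"../../outside/helper.sh"}
]
lib: [
  "META"
  "?_build/tool.cmxa" {"sub/../tool.cmxa"}
  "_build/stub.so" {"/usr/local/lib/stub.so"}
]
doc: [
  "README.md" {"a/../../README.md"}
]
'''

SECTION_RE = re.compile(r'(\w+)\s*:\s*\[(.*?)\]', re.S)
ENTRY_RE = re.compile(r'"((?:[^"\\]|\\.)*)"(?:\s*\{\s*"((?:[^"\\]|\\.)*)"\s*\})?')
# Assumption: only the misc section is meant to carry absolute destinations.
ABSOLUTE_OK = {"misc"}

def escapes(dest):
    """True if a relative destination resolves above its section directory."""
    norm = posixpath.normpath(dest)
    return norm == ".." or norm.startswith("../")

def audit_install(text):
    """Return (section, source, destination, reason) for each suspect entry."""
    findings = []
    for section, body in SECTION_RE.findall(text):
        for src, dest in ENTRY_RE.findall(body):
            if not dest:
                continue  # no explicit destination given, nothing to validate
            if posixpath.isabs(dest):
                if section not in ABSOLUTE_OK:
                    findings.append((section, src, dest, "absolute destination"))
            elif escapes(dest):
                findings.append((section, src, dest, "escapes section directory"))
    return findings

if __name__ == "__main__":
    for finding in audit_install(SAMPLE_INSTALL):
        print(*finding, sep="\t")
```

The check normalises the path instead of searching for a leading `../`, so `a/../../README.md` is caught while `sub/../tool.cmxa` is not. It is lexical only and does not follow symlinks inside the install prefix.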