DSA-6386-1 opam - security update
Kate Deplaix reported that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. Installing files through .install files did not check symlinks resolution on the target path, which could result in directory traversal out of the package area. https://security-tracker.debian.org/tracker/DSA-6386-1
CSIRTS triage
- What
- Insufficient restrictions in .install file directives can lead to directory traversal vulnerabilities.
- Who is affected
- Users of OPAM who install packages are affected.
- Urgency
- Remediation is necessary as exploitation is possible, though the severity is unknown.
- Action
- Users should update OPAM to the latest version to mitigate this issue.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch OPAM
Get an email when a new OPAM advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://lists.debian.org/debian-security-announce/2026/msg00297.html
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-57825 | coverage & exploitation status | NVD · CVE.org |
More from Debian Security Advisories
- unknownDSA-6384-1 chromium - security update2026-07-08
- unknownDSA-6385-1 pgextwlist - security update2026-07-08
- unknownDSA-6383-1 imagemagick - security update2026-07-07
- unknownDSA-6382-1 postfix - security update2026-07-07
- unknownDSA-6381-1 linux - security update2026-07-05