{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2025/cve-2025-6297-els_os-ubuntu16_04els.json"
      }
    ],
    "title": "Security update on CVE-2025-6297",
    "tracking": {
      "current_release_date": "2025-12-23T22:15:38Z",
      "generator": {
        "date": "2025-12-23T22:15:38Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2025-6297-ELS_OS-UBUNTU16.04ELS",
      "initial_release_date": "2025-07-01T17:15:00Z",
      "revision_history": [
        {
          "date": "2025-07-01T17:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-29T12:01:25Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-12-23T22:15:38Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 16.04",
                "product": {
                  "name": "Ubuntu 16.04",
                  "product_id": "Ubuntu-16",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64",
                "product": {
                  "name": "libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64",
                  "product_id": "libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libdpkg-dev@1.18.4ubuntu1.7%2Btuxcare.els1?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64"
        },
        "product_reference": "libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-6297",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "Ubuntu-16:libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-6297"
        },
        {
          "category": "external",
          "summary": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82",
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
        }
      ],
      "release_date": "2025-07-01T17:15:00Z",
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        },
        {
          "category": "impact",
          "details": "unknown",
          "product_ids": [
            "Ubuntu-16:libdpkg-dev-0:1.18.4ubuntu1.7+tuxcare.els1.amd64"
          ]
        }
      ]
    }
  ]
}