Description
ELSA-2024-2396: squashfs-tools security update (MODERATE)
[4.4-10.git1]
- CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2007304 RHEL-7763
[4.4-9.git1]
- CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2000638
Updated packages
Oracle Linux 9
Oracle Linux aarch64: squashfs-tools 4.4-10.git1.el9
Oracle Linux x86_64: squashfs-tools 4.4-10.git1.el9
Related CVEs
Related vulnerabilities
oracle-oval
about 1 year ago
ELSA-2024-3139: squashfs-tools security update (MODERATE)
CVSS3: 8.1
ubuntu
almost 4 years ago
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.