RLSA-2024:2396

Опубликовано: 07 мая 2025

Источник: rocky

Оценка: Moderate

Описание

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.

Security Fix(es):

squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)
squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
squashfs-tools	x86_64	10.git1.el9	squashfs-tools-4.4-10.git1.el9.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-40153

CVE-2021-41072

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=1998621
Red Hat - 1998621
https://bugzilla.redhat.com/show_bug.cgi?id=2004957
Red Hat - 2004957

Связанные уязвимости

RLSA-2024:3139

rocky

больше 1 года назад

Moderate: squashfs-tools security update

ELSA-2024-3139

oracle-oval

больше 1 года назад

ELSA-2024-3139: squashfs-tools security update (MODERATE)

ELSA-2024-2396

oracle-oval

почти 2 года назад

ELSA-2024-2396: squashfs-tools security update (MODERATE)

SUSE-SU-2023:4591-1

suse-cvrf

около 2 лет назад

Security update for squashfs

SUSE-SU-2023:4424-1