[ubuntu/bionic-security] squashfs-tools 1:4.3-6ubuntu0.18.04.4 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Sep 15 01:11:11 UTC 2021
squashfs-tools (1:4.3-6ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0014-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0015-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0016-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0017-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0018-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
Date: 2021-09-14 09:05:15.174411+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/squashfs-tools/1:4.3-6ubuntu0.18.04.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list