[ubuntu/focal-updates] squashfs-tools 1:4.4-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Sep 15 01:58:16 UTC 2021
squashfs-tools (1:4.4-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0002-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0003-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0004-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0005-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0006-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
Date: 2021-09-14 07:42:12.914976+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list