[ubuntu/hirsute-security] squashfs-tools 1:4.4-2ubuntu0.2 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Sep 15 01:11:06 UTC 2021
squashfs-tools (1:4.4-2ubuntu0.2) hirsute-security; urgency=medium
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0004-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0005-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0006-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0007-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0008-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
Date: 2021-09-14 07:42:15.240049+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Hirsute-changes
mailing list