This bug was fixed in the package squashfs-tools - 1:4.4-2ubuntu0.1
---------------
squashfs-tools (1:4.4-2ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
(LP: #1941790)
- debian/patches/0003-CVE-2021-40153.patch:
Treat squashfs images which contain files with names containing
constructs like ../ as corrupted in unsquash-N.c
- CVE-2021-40153
-- Alex Murray <[email protected]> Fri, 27 Aug 2021 14:54:27
+0930
** Changed in: squashfs-tools (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1941790
Title:
squashfs-tools 4.5 / "write outside directory" exploit fix back port?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
