squashfs-tools 1:4.4-1ubuntu0.2 source package in Ubuntu
Changelog
squashfs-tools (1:4.4-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0002-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0003-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0004-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0005-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0006-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
-- Alex Murray <email address hidden> Tue, 14 Sep 2021 16:52:23 +0930
Upload details
- Uploaded by:
- Alex Murray
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- linux-any kfreebsd-any
- Section:
- kernel
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| squashfs-tools_4.4.orig.tar.gz | 236.2 KiB | a7fa4845e9908523c38d4acf92f8a41fdfcd19def41bd5090d7ad767a6dc75c3 |
| squashfs-tools_4.4-1ubuntu0.2.debian.tar.xz | 16.8 KiB | 4180218840a3d60cb0df92297d6ff095302e710f885688e8c137a95cf37574f8 |
| squashfs-tools_4.4-1ubuntu0.2.dsc | 1.7 KiB | b86c9843d734a0e018edf5ac1be5fabf25ad24c501733016f55502c34b6b0856 |
Available diffs
Binary packages built by this source
- squashfs-tools: Tool to create and append to squashfs filesystems
Squashfs is a highly compressed read-only filesystem for Linux. It uses zlib
compression to compress both files, inodes and directories. Inodes in the
system are very small and all blocks are packed to minimise data overhead.
Block sizes greater than 4K are supported up to a maximum of 64K.
.
Squashfs is intended for general read-only filesystem use, for archival use
(i.e. in cases where a .tar.gz file may be used), and in constrained block
device/memory systems (e.g. embedded systems) where low overhead is needed.
- squashfs-tools-dbgsym: debug symbols for squashfs-tools
