CVE-2021-40153
Published 2021-08-27
High · 8.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | squashfs-tools | < squashfs-tools 1:4.5-2 (bookworm) | squashfs-tools 1:4.5-2 (bookworm) |
| debian | squashfs-tools | < squashfs-tools 1:4.5-3 (bookworm) | squashfs-tools 1:4.5-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_squashfs-tools_4.5.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| squashfs-tools_project | squashfs-tools | — | — |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.4-2+deb11u2 | 1:4.4-2+deb11u2 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.4-2+deb11u1 | 1:4.4-2+deb11u1 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-3 | 1:4.5-3 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-2 | 1:4.5-2 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-3 | 1:4.5-3 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-2 | 1:4.5-2 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-3 | 1:4.5-3 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.5-2 | 1:4.5-2 |
| squashfs-tools_project | squashfs-tools | >= 0 < 1:4.3-3ubuntu2.16.04.3+esm1 | 1:4.3-3ubuntu2.16.04.3+esm1 |
CVSS provenance
nvd · v3.1 · 8.1 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
osv · 8.1 HIGH
Ubuntu
Squashfs-Tools vulnerabilities
vendor_ubuntu·2021-09-15·CVSS 8.1
CVE-2021-40153 [HIGH] Squashfs-Tools vulnerabilities
Title: Squashfs-Tools vulnerabilities
Summary: Squashfs-Tools could be made to overwrite files.
USN-5078-1 fixed several vulnerabilities in Squashfs-Tools.
This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Etienne Stalmans discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability
to write arbitrary files to the filesystem. (CVE-2021-40153)
Richard Weinberger discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability to
write arbitrary files to the filesystem. (CVE-2021-41072)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
squashfs-tools: possible Directory Traversal via symbolic link
vendor_redhat·2021-09-14·CVSS 8.1
CVE-2021-41072 [HIGH] CWE-59 squashfs-tools: possible Directory Traversal via symbolic link
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
A directory traversal flaw was found in squashfs-tools. During extraction, a file can escape the destination directory by using a symbolic link, and a regular file with an identical name. This flaw allows a specially crafted squashfs archive
Microsoft
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link
vendor_msrc·2021-09-14·CVSS 8.1
CVE-2021-41072 [HIGH] CWE-22 squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure v
Ubuntu
Squashfs-Tools vulnerability
vendor_ubuntu·2021-08-31
CVE-2021-40153 Squashfs-Tools vulnerability
Title: Squashfs-Tools vulnerability
Summary: squashfs-tools could be made to overwrite files.
Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid
vendor_msrc·2021-08-10·CVSS 8.1
CVE-2021-40153 [HIGH] CWE-22 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory and thus allows writing to locations outside of the destination.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in O
Debian
CVE-2021-40153: squashfs-tools - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in th...
vendor_debian·2021·CVSS 8.1
CVE-2021-40153 [HIGH] CVE-2021-40153: squashfs-tools - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in th...
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Scope: local
bookworm: resolved (fixed in 1:4.5-2)
bullseye: resolved (fixed in 1:4.4-2+deb11u1)
forky: resolved (fixed in 1:4.5-2)
sid: resolved (fixed in 1:4.5-2)
trixie: resolved (fixed in 1:4.5-2)
Debian
CVE-2021-41072: squashfs-tools - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversa...
vendor_debian·2021·CVSS 8.1
CVE-2021-41072 [HIGH] CVE-2021-41072: squashfs-tools - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversa...
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Scope: local
bookworm: resolved (fixed in 1:4.5-3)
bullseye: resolved (fixed in 1:4.4-2+deb11u2)
forky: resolved (fixed in 1:4.5-3)
sid: resolved (fixed in 1:4.5-3)
trixie: resolved (fixed in 1:4.5-3)
Red Hat
squashfs-tools: unvalidated filepaths allow writing outside of destination
vendor_redhat·2019-09-10·CVSS 8.1
CVE-2021-40153 [HIGH] CWE-22 squashfs-tools: unvalidated filepaths allow writing outside of destination
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. During extraction, a file can escape the destination directory either via the '../' string to access the parent directory or via symlinks. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory.
Package: squashfs-tools (Red Hat Enterprise Linu
GHSA
GHSA-98f5-57cr-27p7: squashfs_opendir in unsquash-1
ghsa_unreviewed·2022-05-24
CVE-2021-40153 [CRITICAL] CWE-22 GHSA-98f5-57cr-27p7: squashfs_opendir in unsquash-1
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
GHSA
GHSA-f6m6-9fjw-69qm: squashfs_opendir in unsquash-2
ghsa_unreviewed·2022-05-24·CVSS 8.1
CVE-2021-41072 [HIGH] CWE-22 GHSA-f6m6-9fjw-69qm: squashfs_opendir in unsquash-2
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
OSV
squashfs-tools vulnerabilities
osv·2021-09-15·CVSS 8.1
CVE-2021-40153 [HIGH] squashfs-tools vulnerabilities
USN-5078-1 fixed several vulnerabilities in Squashfs-Tools.
This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Etienne Stalmans discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability
to write arbitrary files to the filesystem. (CVE-2021-40153)
Richard Weinberger discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability to
write arbitrary files to the filesystem. (CVE-2021-41072)
OSV
CVE-2021-41072: squashfs_opendir in unsquash-2
osv·2021-09-14·CVSS 8.1
CVE-2021-41072 [HIGH] CVE-2021-41072: squashfs_opendir in unsquash-2
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
OSV
CVE-2021-40153: squashfs_opendir in unsquash-1
osv·2021-08-27·CVSS 8.1
CVE-2021-40153 [HIGH] CVE-2021-40153: squashfs_opendir in unsquash-1
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
https://github.com/plougher/squashfs-tools/issues/72
https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
https://security.gentoo.org/glsa/202305-29
https://www.debian.org/security/2021/dsa-4967