USN-5078-2: Squashfs-Tools vulnerabilities

15 September 2021

Squashfs-Tools could be made to overwrite files.

Releases

Packages

Details

USN-5078-1 fixed several vulnerabilities in Squashfs-Tools.
This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Etienne Stalmans discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability
to write arbitrary files to the filesystem. (CVE-2021-40153)

Richard Weinberger discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability to
write arbitrary files to the filesystem. (CVE-2021-41072)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

Related notices