USN-5078-3: Squashfs-Tools vulnerability
13 October 2021
Squashfs-Tools could be made to overwrite files.
- squashfs-tools - Tools to create and modify squashfs filesystems
USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was
incomplete and could still result in Squashfs-Tools mishandling certain
malformed SQUASHFS files. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Richard Weinberger discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability to
write arbitrary files to the filesystem.