A squashfs-tools security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where unsquashfs did not validate all filepaths.
ELA-480-1 squashfs-tools security update
Package squashfs-tools
ELA-480-1 squashfs-tools security update
Version 1:4.2+20130409-2+deb8u1
Related CVEs CVE-2021-40153
An issue has been found in squashfs-tools, a tool to create and append to squashfs filesystems. As unsquashfs did not validate all filepaths, it would allow writing outside of the original destination.
For Debian 8 jessie, these problems have been fixed in version 1:4.2+20130409-2+deb8u1.
We recommend that you upgrade your squashfs-tools packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
