Debian 10261 Published by

A squashfs-tools security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where unsquashfs did not validate all filepaths.



ELA-480-1 squashfs-tools security update

Package squashfs-tools
Version 1:4.2+20130409-2+deb8u1
Related CVEs CVE-2021-40153

An issue has been found in squashfs-tools, a tool to create and append to squashfs filesystems. As unsquashfs did not validate all filepaths, it would allow writing outside of the original destination.

For Debian 8 jessie, these problems have been fixed in version 1:4.2+20130409-2+deb8u1.

We recommend that you upgrade your squashfs-tools packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-480-1 squashfs-tools security update