Package "squashfs-tools"

Name: squashfs-tools


Tool to create and append to squashfs filesystems

Latest version: 1:4.3-6ubuntu0.18.04.4
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://squashfs.sourceforge.net/


Download "squashfs-tools"

Other versions of "squashfs-tools" in Bionic

Repository Area Version
base main 1:4.3-6
security main 1:4.3-6ubuntu0.18.04.4


Version: 1:4.3-6ubuntu0.18.04.4 2021-09-15 04:06:17 UTC

  squashfs-tools (1:4.3-6ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
    - debian/patches/0014-CVE-2021-41072-1.patch: Use
      unsquashfs_closedir() when deleting directories in unsquash-N.c
    - debian/patches/0015-CVE-2021-41072-2.patch: Dynamically allocate
      structure names in unsquash-N.c
    - debian/patches/0016-CVE-2021-41072-3.patch: Store directory names in
      a linked list to allow sorting in unsquash-N.c
    - debian/patches/0017-CVE-2021-41072-4.patch: Sort directory entries in
      squashfs images and treat duplicate directory entries with the same
      name as invalid in unsquash-N.c
    - debian/patches/0018-CVE-2021-41072-5.patch: Fixup Makefile entry for
    - CVE-2021-41072

 -- Alex Murray <email address hidden> Tue, 14 Sep 2021 18:13:17 +0930

Source diff to previous version
CVE-2021-41072 squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesyst

Version: 1:4.3-6ubuntu0.18.04.3 2021-08-31 02:06:17 UTC

  squashfs-tools (1:4.3-6ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
    (LP: #1941790)
    - debian/patches/0013-CVE-2021-40153.patch:
      Treat squashfs images which contain files with names containing
      constructs like ../ as corrupted in unsquash-N.c
    - CVE-2021-40153

 -- Alex Murray <email address hidden> Fri, 27 Aug 2021 15:50:47 +0930

Source diff to previous version
1941790 squashfs-tools 4.5 / \
CVE-2021-40153 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new

Version: 1:4.3-6ubuntu0.18.04.2 2021-06-08 19:06:26 UTC

  squashfs-tools (1:4.3-6ubuntu0.18.04.2) bionic; urgency=medium

  * debian/patches/0012-unsquashfs-add-new-lln-option.patch,
    debian/manpages/unsquashfs.1: add support for numeric uid/gid output
    via -lln command-line option (LP: #1929370).

 -- Alex Murray <email address hidden> Fri, 21 May 2021 17:36:24 +0930

Source diff to previous version
1929370 Backport support for the -lln command-line option to unsquashfs for 18.04

Version: 1:4.3-6ubuntu0.18.04.1 2018-07-16 17:06:55 UTC

  squashfs-tools (1:4.3-6ubuntu0.18.04.1) bionic; urgency=medium

  * debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch,
    debian/patches/0011-also-set-stickybit-as-non-root.patch: apply stickybit
    when run as non-root (LP: #1779914). Patches thanks to Tyler Hicks.

 -- Jamie Strandboge <email address hidden> Thu, 05 Jul 2018 19:49:18 +0000

1779914 unsquashfs does not preserve sticky bit when run as non-root

About   -   Send Feedback to @ubuntu_updates