squashfs-tools 4.5 / "write outside directory" exploit fix back port?
Bug #1941790 reported by David Trudgian
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squashfs-tools (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
The squashfs-tools 4.5 release addresses an issue where `unsquashfs` can extract files outside of its target directory, given a malicious input file.
This issue was reported back in 2019 at: https:/
The squashfs-tools release notes mention the fix: https:/
> 3.13 Unsquashfs "write outside directory" exploit fixed.
Is Ubuntu aware of this issue w.r.t. backporting to distro release versions of squashfs-tools?
Thanks David for the notice; I've asked MITRE to assign a CVE for us.