Explore top 10 tips to secure your open-source projects now. Read More
×
This update for squashfs fixes the following issues:
* CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-
tools (bsc#935380)
* CVE-2021-40153: Fixed an issue where an attacker might have been able to
write a file outside of destination (bsc#1189936)
* CVE-2021-41072: Fixed an issue where an attacker might have been able to
write a file outside the destination directory via a symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the "fragment table" fixed.
This is a regression introduced in August 2022, and it has been seen when
tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without extended attribute
(XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is found
* Fix incorrect free of pointer when an unrecognised XATTR prefix is found.
* Major improvements in extended attribute handling, pseudo file handling, and
...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4591=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4591=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4591=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4591=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4591=1
* SUSE Linux Enterprise High Performance Computing...
Read the Full Advisory* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
* squashfs-4.6.1-150300.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
* squashfs-4.6.1-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
* squashfs-4.6.1-150300.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
* squashfs-4.6.1-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
* squashfs-4.6.1-150300.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* squashfs-debuginfo-4.6.1-150300.3.3.1
* squashfs-debugsource-4.6.1-150300.3.3.1
*...
Read the Full Advisory* bsc#1189936
* bsc#1190531
* bsc#935380
## References:
* https://www.suse.com/security/cve/CVE-2015-4645.html
* https://www.suse.com/security/cve/CVE-2015-4646.html
* https://www.suse.com/security/cve/CVE-2021-40153.html
* https://www.suse.com/security/cve/CVE-2021-41072.html
* https://bugzilla.suse.com/show_bug.cgi?id=1189936
* https://bugzilla.suse.com/show_bug.cgi?id=1190531
* https://bugzilla.suse.com/show_bug.cgi?id=935380
Get the latest Linux and open source security news straight to your inbox.