Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 16.04 ESM USN-5078-2: Critical Squashfs-Tools File Overwrite

ubuntu
Calendar Grey September 15, 2021
Dist Ubuntu Esm H88
Security Notice regarding Squashfs-Tools flaw for Ubuntu 16.04 ESM, released on September 15, 2021.
Squashfs-Tools could be made to overwrite files.

Summary

Squashfs-Tools could be made to overwrite files.

Software Description:

- squashfs-tools: Tools to create and modify squashfs filesystems

Details:

USN-5078-1 fixed several vulnerabilities in Squashfs-Tools.

This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Etienne Stalmans discovered that Squashfs-Tools mishandled certain

malformed SQUASHFS files. An attacker could use this vulnerability

to write arbitrary files to the filesystem. (CVE-2021-40153)

Richard Weinberger discovered that Squashfs-Tools mishandled certain

malformed SQUASHFS files. An attacker could use this vulnerability to

write arbitrary files to the filesystem. (CVE-2021-41072)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  squashfs-tools                  1:4.3-3ubuntu2.16.04.3+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5078-2

https://ubuntu.com/security/notices/USN-5078-1

CVE-2021-40153, CVE-2021-41072

Severity
critical
Lowest
Low
Medium
High
Critical

September 15, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.