squashfs-tools 1:4.4-1ubuntu0.2 source package in Ubuntu


squashfs-tools (1:4.4-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
    - debian/patches/0002-CVE-2021-41072-1.patch: Use
      unsquashfs_closedir() when deleting directories in unsquash-N.c
    - debian/patches/0003-CVE-2021-41072-2.patch: Dynamically allocate
      structure names in unsquash-N.c
    - debian/patches/0004-CVE-2021-41072-3.patch: Store directory names in
      a linked list to allow sorting in unsquash-N.c
    - debian/patches/0005-CVE-2021-41072-4.patch: Sort directory entries in
      squashfs images and treat duplicate directory entries with the same
      name as invalid in unsquash-N.c
    - debian/patches/0006-CVE-2021-41072-5.patch: Fixup Makefile entry for
    - CVE-2021-41072

 -- Alex Murray <email address hidden>  Tue, 14 Sep 2021 16:52:23 +0930

Upload details

Uploaded by:
Alex Murray
Uploaded to:
Original maintainer:
Ubuntu Developers
linux-any kfreebsd-any
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
squashfs-tools_4.4.orig.tar.gz 236.2 KiB a7fa4845e9908523c38d4acf92f8a41fdfcd19def41bd5090d7ad767a6dc75c3
squashfs-tools_4.4-1ubuntu0.2.debian.tar.xz 16.8 KiB 4180218840a3d60cb0df92297d6ff095302e710f885688e8c137a95cf37574f8
squashfs-tools_4.4-1ubuntu0.2.dsc 1.7 KiB b86c9843d734a0e018edf5ac1be5fabf25ad24c501733016f55502c34b6b0856

View changes file

Binary packages built by this source

squashfs-tools: Tool to create and append to squashfs filesystems

 Squashfs is a highly compressed read-only filesystem for Linux. It uses zlib
 compression to compress both files, inodes and directories. Inodes in the
 system are very small and all blocks are packed to minimise data overhead.
 Block sizes greater than 4K are supported up to a maximum of 64K.
 Squashfs is intended for general read-only filesystem use, for archival use
 (i.e. in cases where a .tar.gz file may be used), and in constrained block
 device/memory systems (e.g. embedded systems) where low overhead is needed.

squashfs-tools-dbgsym: debug symbols for squashfs-tools