Gentoo Linux Security Advisory 202305-29 - Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write. Versions greater than or equal to 4.5_p20210914 are affected.
41d12184d7c1d9e0b9fa6af6edbc6e9856d3a69d307703dd95cbde672592e475
Debian Linux Security Advisory 4987-1 - Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed.
5bdedd741ddca312ddaa409fd8416bc522c6f837900bc51f74100ec3ea343990
Ubuntu Security Notice 5078-3 - USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.
7a38fac3a6c70cba474a9afe981c571a1b55956f49b48f20169c2a6ad02eda40
Ubuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.
a52baf7e1b98fc9a9e68e2c58c2ce1b009b09c3956c00ae061c209948fce2a18
Ubuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
29045801f6c03dcd7332efc0bb67025d0097e29be1019ac6339d9f4bf614eaed