Download
| Alert*
oval:org.secpod.oval:def:75880
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image i ... oval:org.secpod.oval:def:706139 squashfs-tools: Tools to create and modify squashfs filesystems Squashfs-Tools could be made to overwrite files. oval:org.secpod.oval:def:706178 squashfs-tools: Tools to create and modify squashfs filesystems Details: USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. We apologize for the inconveni ... oval:org.secpod.oval:def:605654 Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image i ... oval:org.secpod.oval:def:75953 squashfs-tools: Tools to create and modify squashfs filesystems Details: USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. We apologize for the inconveni ... oval:org.secpod.oval:def:75952 squashfs-tools: Tools to create and modify squashfs filesystems Squashfs-Tools could be made to overwrite files. oval:org.secpod.oval:def:1701443 Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service via a crafted input, which triggers a stack-based buffer overflow. unsquash-1.c, unsquash-2.c, unsquash-3.c, and unsquash-4.c in Squashfs and sas ... oval:org.secpod.oval:def:3301375 Security update for squashfs oval:org.secpod.oval:def:89051094 This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs- tools * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination * CVE-2021-41072: Fixed an issue where an attacker m ... oval:org.secpod.oval:def:89051175 This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs- tools * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination * CVE-2021-41072: Fixed an issue where an attacker m ... |