CVE-2021-40153

Related Files

Red Hat Security Advisory 2024-3139-03

Posted May 23, 2024

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3139-03 - An update for squashfs-tools is now available for Red Hat Enterprise Linux 8. Issues addressed include a traversal vulnerability.

tags | advisory

systems | linux, redhat

advisories | CVE-2021-40153

SHA-256 | 72c3fad45289c8e0cb600cfc7f1fa815f09b86284ed247a4b3b7ee3cc1e5f543

Download | Favorite | View

Red Hat Security Advisory 2024-2396-03

Posted Apr 30, 2024

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2396-03 - An update for squashfs-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.

tags | advisory

systems | linux, redhat

advisories | CVE-2021-40153

SHA-256 | d5724e9e6cae2fa3d83368d819fb614c4934189062ff71fb096011b100933d77

Download | Favorite | View

Gentoo Linux Security Advisory 202305-29

Posted May 30, 2023

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-29 - Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write. Versions greater than or equal to 4.5_p20210914 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2021-40153, CVE-2021-41072

SHA-256 | 41d12184d7c1d9e0b9fa6af6edbc6e9856d3a69d307703dd95cbde672592e475

Download | Favorite | View

Debian Security Advisory 4967-1

Posted Sep 28, 2021

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4967-1 - Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2021-40153

SHA-256 | c7522b4eeabe8c9588e7d48cd0cc114c4b00a72b7777470016051ed6fbc09d70

Download | Favorite | View

Ubuntu Security Notice USN-5078-2

Posted Sep 16, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability

systems | linux, ubuntu

advisories | CVE-2021-40153, CVE-2021-41072

SHA-256 | a52baf7e1b98fc9a9e68e2c58c2ce1b009b09c3956c00ae061c209948fce2a18

Download | Favorite | View

Ubuntu Security Notice USN-5057-1

Posted Aug 31, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5057-1 - Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2021-40153

SHA-256 | fc68e85943f3093a413a6734ddf00fce253b4a9090f9a1fe4c489107c28a5335

Download | Favorite | View