This bug was fixed in the package squashfs-tools - 1:4.4-2ubuntu0.1 --------------- squashfs-tools (1:4.4-2ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs (LP: #1941790) - debian/patches/0003-CVE-2021-40153.patch: Treat squashfs images which contain files with names containing constructs like ../ as corrupted in unsquash-N.c - CVE-2021-40153 -- Alex Murray <alex.mur...@canonical.com> Fri, 27 Aug 2021 14:54:27 +0930 ** Changed in: squashfs-tools (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1941790 Title: squashfs-tools 4.5 / "write outside directory" exploit fix back port? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs