Summary: | <sys-fs/squashfs-tools-4.5_p20210914: another directory traversal (CVE-2021-41072) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | mgorny, sam |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=811474 | | |
Whiteboard: | B2 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 828028 | | |
Bug Blocks: | | | |
Description
John Helmert III
2021-09-18 14:43:42 UTC
See https://bugs.gentoo.org/811474#c2 (meant to tag this bug and somehow didn't).

cleanup done

Arbitrary file writes are arbitrary code execution. Upgrading severity for both.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7c5aee9146a9230980d95e7d2037c660f20dd275

commit 7c5aee9146a9230980d95e7d2037c660f20dd275
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 02:54:28 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 02:56:35 +0000

    [ GLSA 202305-29 ] squashfs-tools: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/810706
    Bug: https://bugs.gentoo.org/813654
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-29.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

GLSA released, all done!