Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in
Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code
via a crafted block_log field in the superblock of a .sqsh file, leading to
a heap-based buffer overflow.

Stack-based buffer overflow in the get_component function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute
arbitrary code via a crafted list file (aka a crafted file for the -ef
option). NOTE: probably in most cases, the list file is a trusted file
constructed by the program's user; however, there are some realistic
situations in which a list file would be obtained from an untrusted remote

I don't know how glsamaker does its job, but there is definitely no progress yet.
Upstream git contains fixes now:
The commit messages lack any attribution to the original reporter of the vulnerabilities though.
I have put a snapshot in the tree but since it has a lot more changes than just the ones we want, maybe it's not ready to go stable quite yet.
4.3 is in the tree since June 2014 and is being marked stable in bug #542226.
afaict, this is fixed in the 4.3 release which is already stable
New GLSA created.
This issue was resolved and addressed in
GLSA 201612-40 at https://security.gentoo.org/glsa/201612-40
by GLSA coordinator Aaron Bauman (b-man).
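
The first issue in the bug description (a superblock block_log value feeding a size computation that overflows before a heap allocation) can be guarded against as in the following added example, which is not code from unsquashfs or from this bug. The names queue_slots, queue_alloc and wrapped_bytes32, the MiB-budget sizing rule and the 12..20 block_log range (4 KiB to 1 MiB blocks) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BLOCK_LOG_MIN 12 /* 4 KiB blocks (assumed lower bound) */
#define BLOCK_LOG_MAX 20 /* 1 MiB blocks (assumed upper bound) */

struct queue { size_t slots; void **data; };

/* What a 32-bit size computation yields: the product modulo 2^32. */
uint32_t wrapped_bytes32(uint32_t slots, uint32_t elem_size)
{
    return slots * elem_size;
}

/* Assumed sizing rule: a cache budget in MiB converted to a block count.
 * Returns 0 and sets *slots, or -1 if the field or the arithmetic is unsafe. */
int queue_slots(uint16_t block_log, unsigned budget_mib, size_t *slots)
{
    if (block_log < BLOCK_LOG_MIN || block_log > BLOCK_LOG_MAX)
        return -1;                       /* reject before any shift */
    unsigned shift = 20u - block_log;    /* now known to be 0..8 */
    if (budget_mib > ((unsigned)INT_MAX >> shift))
        return -1;                       /* block count would not fit an int */
    size_t n = ((size_t)budget_mib << shift) + 1; /* one spare slot */
    if (n > SIZE_MAX / sizeof(void *))
        return -1;                       /* byte count would wrap */
    *slots = n;
    return 0;
}

struct queue *queue_alloc(uint16_t block_log, unsigned budget_mib)
{
    size_t slots;
    struct queue *q;
    if (queue_slots(block_log, budget_mib, &slots) != 0)
        return NULL;
    if ((q = malloc(sizeof(*q))) == NULL)
        return NULL;
    q->data = calloc(slots, sizeof(void *)); /* calloc re-checks the product */
    if (q->data == NULL) { free(q); return NULL; }
    q->slots = slots;
    return q;
}

int main(void)
{
    size_t s; /* constructed block_log values: valid, too small, too large */
    printf("%d %d %d\n", queue_slots(17, 256, &s), queue_slots(0, 256, &s), queue_slots(31, 256, &s));
    return 0;
}
```

wrapped_bytes32 shows why the unchecked form is dangerous: a slot count of 0x20000001 with 8-byte elements wraps to a request for 8 bytes, so the allocation succeeds while later writes run past it.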