ELA-480-1 squashfs-tools security update

unvalidated filepaths

2021-08-31
Packagesquashfs-tools
Version1:4.2+20130409-2+deb8u1
Related CVEs CVE-2021-40153


An issue has been found in squashfs-tools, a tool to create and append to squashfs filesystems. As unsquashfs did not validate all filepaths, it would allow writing outside of the original destination.



For Debian 8 jessie, these problems have been fixed in version 1:4.2+20130409-2+deb8u1.

We recommend that you upgrade your squashfs-tools packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.