ELA-497-1 squashfs-tools security update

writing to arbitrary files

2021-10-21
Package: squashfs-tools
Version: 1:4.2+20130409-2+deb8u2
Related CVEs: CVE-2021-41072


Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw to write to arbitrary files on the filesystem if a malformed Squashfs image is processed.
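
The missing check can be approximated outside the tool by inspecting an image listing before extraction. The following is an added example, not code from this advisory or from squashfs-tools; it assumes a listing with one path per line (the style printed by `unsquashfs -l`) that reports every directory entry, repeats included, and the sample listing is constructed.

```python
from collections import Counter
import posixpath

# Constructed sample listing, one path per line. The second
# "squashfs-root/etc/motd" line is the malformed duplicate entry.
SAMPLE_LISTING = """\
squashfs-root
squashfs-root/etc
squashfs-root/etc/motd
squashfs-root/etc/hosts
squashfs-root/etc/motd
squashfs-root/usr
squashfs-root/usr/motd
"""


def find_duplicate_entries(listing_lines):
    """Return sorted (directory, name, count) for names repeated in one directory."""
    seen = Counter()
    for raw in listing_lines:
        path = raw.rstrip("\n")
        if not path:
            continue
        # Normalise "a//b", "a/./b" and trailing slashes so equivalent
        # spellings of one entry are counted together.
        path = posixpath.normpath(path)
        directory, name = posixpath.split(path)
        seen[(directory, name)] += 1
    return sorted((d, n, c) for (d, n), c in seen.items() if c > 1)


def is_safe_to_extract(listing_lines):
    """A well-formed image never lists the same name twice in one directory."""
    return not find_duplicate_entries(listing_lines)


if __name__ == "__main__":
    for directory, name, count in find_duplicate_entries(SAMPLE_LISTING.splitlines()):
        print(f"duplicate entry: {directory}/{name} listed {count} times")
```

Filenames that contain newlines cannot be represented in a line-based listing, so such images need a listing format that delimits entries unambiguously.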



For Debian 8 jessie, this problem has been fixed in version 1:4.2+20130409-2+deb8u2.

We recommend that you upgrade your squashfs-tools packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.