PublicDateAtUSN: 2021-09-14
Candidate: CVE-2021-41072
PublicDate: 2021-09-14 01:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41072
 https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
 https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
 https://ubuntu.com/security/notices/USN-5078-1
 https://ubuntu.com/security/notices/USN-5078-2
Description:
 squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory
 Traversal, a different vulnerability than CVE-2021-40153. A squashfs
 filesystem that has been crafted to include a symbolic link and then
 contents under the same filename in a filesystem can cause unsquashfs to
 first create the symbolic link pointing outside the expected directory, and
 then the subsequent write operation will cause the unsquashfs process to
 write through the symbolic link elsewhere in the filesystem.
Ubuntu-Description:
 Richard Weinberger discovered that Squashfs-Tools mishandled certain
 malformed SQUASHFS files. An attacker could use this vulnerability to
 write arbitrary files to the filesystem.
Notes: 
Mitigation: 
Bugs: 
Priority: medium
Discovered-by: Richard Weinberger
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H [8.1 HIGH]


Patches_squashfs-tools:
 upstream: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
upstream_squashfs-tools: needs-triage
trusty_squashfs-tools: ignored (out of standard support)
trusty/esm_squashfs-tools: DNE
xenial_squashfs-tools: ignored (out of standard support)
esm-infra/xenial_squashfs-tools: released (1:4.3-3ubuntu2.16.04.3+esm1)
bionic_squashfs-tools: released (1:4.3-6ubuntu0.18.04.4)
focal_squashfs-tools: released (1:4.4-1ubuntu0.2)
hirsute_squashfs-tools: released (1:4.4-2ubuntu0.2)
impish_squashfs-tools: released (1:4.4-2ubuntu2)
jammy_squashfs-tools: released (1:4.4-2ubuntu2)
devel_squashfs-tools: released (1:4.4-2ubuntu2)