Lucene search
OracleLinuxELSA-2024-3139HistoryMay 23, 2024 - 12:00 a.m.
squashfs-tools security update
2024-05-2300:00:00
linux.oracle.com
2
security update
squashfs-tools
cve-2021-41072
cve-2021-40153
unvalidated filepaths
destination directory
vulnerability fix
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.3%
[4.3-21]
- CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix
CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination
Resolves: rhbz#2007303 rhbz#2000637
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.src.rpm |
| oracle linux | 8 | src | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.src.rpm |
| oracle linux | 8 | aarch64 | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.aarch64.rpm |
| oracle linux | 8 | src | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.src.rpm |
| oracle linux | 8 | src | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.src.rpm |
| oracle linux | 8 | x86_64 | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.x86_64.rpm |
| oracle linux | 8 | x86_64 | squashfs-tools | < 4.3-21.el8 | squashfs-tools-4.3-21.el8.x86_64.rpm |
Related
ubuntucve
ubuntucve
CVE-2021-41072
2021-09-14 00:00:00
CVE-2021-40153
2021-08-27 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : squashfs-tools (EulerOS-SA-2022-1235)
2022-02-25 00:00:00
RHEL 9 : squashfs-tools (RHSA-2024:2396)
2024-04-30 00:00:00
CentOS 8 : squashfs-tools (CESA-2024:3139)
2024-05-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2022-1414)
2022-04-13 00:00:00
Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2023-1294)
2023-01-31 00:00:00
Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2021-2936)
2022-01-02 00:00:00
redhat
redhat
(RHSA-2024:3139) Moderate: squashfs-tools security update
2024-05-22 06:35:43
(RHSA-2024:2396) Moderate: squashfs-tools security update
2024-04-30 06:15:35
osv
osv
CVE-2021-41072
2021-09-14 01:15:07
Moderate: squashfs-tools security update
2024-05-22 00:00:00
Moderate: squashfs-tools security update
2024-04-30 00:00:00
nvd
nvd
CVE-2021-41072
2021-09-14 01:15:07
CVE-2021-40153
2021-08-27 15:15:09
prion
prion
Directory traversal
2021-09-14 01:15:00
Path traversal
2021-08-27 15:15:00
cve
cve
CVE-2021-41072
2021-09-14 01:15:07
CVE-2021-40153
2021-08-27 15:15:09
veracode
veracode
Directory Traversal
2021-09-15 15:31:50
Directory Traversal
2021-08-29 09:06:10
almalinux
almalinux
Moderate: squashfs-tools security update
2024-04-30 00:00:00
Moderate: squashfs-tools security update
2024-05-22 00:00:00
rocky
rocky
squashfs-tools security update
2024-06-14 13:59:16
mageia
mageia
Updated squashfs-tools packages fix security vulnerability
2022-01-11 10:12:42
alpinelinux
alpinelinux
CVE-2021-41072
2021-09-14 01:15:07
CVE-2021-40153
2021-08-27 15:15:09
ubuntu
ubuntu
Squashfs-Tools vulnerabilities
2021-09-15 00:00:00
Squashfs-Tools vulnerability
2021-09-15 00:00:00
Squashfs-Tools vulnerability
2021-10-13 00:00:00
debiancve
debiancve
CVE-2021-41072
2021-09-14 01:15:07
CVE-2021-40153
2021-08-27 15:15:09
cvelist
cvelist
CVE-2021-41072
2021-09-14 00:00:00
CVE-2021-40153
2021-08-27 00:00:00
oraclelinux
oraclelinux
squashfs-tools security update
2024-05-02 00:00:00
gentoo
gentoo
squashfs-tools: Multiple Vulnerabilities
2023-05-30 00:00:00
amazon
amazon
Medium: squashfs-tools
2023-07-17 17:40:00
redhatcve
redhatcve
CVE-2021-41072
2021-09-16 15:12:21
CVE-2021-40153
2021-08-27 18:38:01
debian
debian
[SECURITY] [DSA 4987-1] squashfs-tools security update
2021-10-15 12:58:53
[SECURITY] [DLA 2789-1] squashfs-tools security update
2021-10-20 21:58:00
[SECURITY] [DSA 4967-1] squashfs-tools security update
2021-09-04 21:24:25
cnvd
cnvd
Squashfs-Tools has an unspecified vulnerability
2021-08-31 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: squashfs-tools-4.5-3.20210913gite048580.fc33
2021-09-29 01:09:18
[SECURITY] Fedora 34 Update: squashfs-tools-4.5-2.fc34
2021-08-30 20:43:11
cbl_mariner
cbl_mariner
photon
photon
Critical Photon OS Security Update - PHSA-2022-0166
2022-03-25 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0166
2022-03-25 00:00:00
Critical Photon OS Security Update - PHSA-2022-0375
2022-03-26 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.3%
Related for ELSA-2024-3139