Astra Linux - уязвимость в squashfs-tools

The squashfsopendir function in unsquash-2.c within Squashfs-Tools 4.5 enables Directory Traversal, another vulnerability distinct from CVE-2021-40153. A squashfs filesystem that includes a symbolic link, along with files under the same filename, can cause unsquashfs to first create the symbolic...

Astra Linux - уязвимость в squashfs-tools

In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...

CLSA-2026-1777544697 squashfs-tools: Fix of CVE-2021-40153

CVE-2021-40153: fix write outside destination directory in unsquashfs...

MiracleLinux 8 : squashfs-tools-4.3-21.el8 (AXSA:2024-8222:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8222:02 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via symbolic...

MiracleLinux 9 : squashfs-tools-4.4-10.git1.el9 (AXSA:2024-7853:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7853:01 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via symbolic...

EUVD-2021-27338

Malware in sbrugna...

Unity Linux 20.1070e Security Update: squashfs-tools (UTSA-2025-680652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680652 advisory. squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the...

Unity Linux 20.1070e Security Update: squashfs-tools (UTSA-2025-680654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680654 advisory. squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been...

EUVD-2021-28223

Malicious code in bioql PyPI...

NewStart CGSL MAIN 7.02 : squashfs-tools Multiple Vulnerabilities (NS-SA-2025-0192)

The remote NewStart CGSL host, running version MAIN 7.02, has squashfs-tools packages installed that are affected by multiple vulnerabilities: - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem...

CLSA-2025-1751888935 squashfs-tools: Fix of CVE-2021-41072

CVE-2021-41072: fix squashfsopendir directory traversal vulnerability by restricting unsquashfs write operations...

CLSA-2025-1750782908 squashfs-tools: Fix of CVE-2021-40153

CVE-2021-40153: fix directory traversal vulnerability in squashfsopendir by validating filenames before creating new files...

squashfs-tools security update

An update is available for squashfs-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SquashFS is a highly compressed read-only file system for Linux. These...

RLSA-2024:2396 Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via...

RockyLinux 9 : squashfs-tools (RLSA-2024:2396)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2396 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via symbolic link...

Advisory ROSA-SA-2025-2819

Software: squashfs-tools 4.3 OS: ROSA Virtualization 3.0 packageevrstring: squashfs-tools-4.3-21.rv30 CVE-ID: CVE-2021-40153 BDU-ID: 2021-05217 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the squashfsopendir function of the unsquash-1.c component of the Squashfs Squashfs-Tools file system...

Linux Distros Unpatched Vulnerability : CVE-2021-41072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has...

RHSA-2024:3139 Red Hat Security Advisory: squashfs-tools security update

Bulletin has no description...

RHSA-2024:2396 Red Hat Security Advisory: squashfs-tools security update

Bulletin has no description...

squashfs-tools security update

An update is available for squashfs-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SquashFS is a highly compressed read-only file system for Linux. These...