Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write.
|Package||sys-fs/squashfs-tools on all architectures|
|Affected versions||< 4.5_p20210914|
|Unaffected versions||>= 4.5_p20210914|
Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.
Multiple vulnerabilities have been discovered in squashfs-tools. Please review the CVE identifiers referenced below for details.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All squashfs-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.5_p20210914"