Issued:: 2024-04-30
Updated:: 2024-04-30

RHSA-2024:2396 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: squashfs-tools security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for squashfs-tools is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.

Security Fix(es):

squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)
squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

BZ - 1998621 - CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination
BZ - 2004957 - CVE-2021-41072 squashfs-tools: possible Directory Traversal via symbolic link

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
s390x
squashfs-tools-4.4-10.git1.el9.s390x.rpm	SHA-256: 41eabee74f9bd0a52fdaebf336bb97a7a0ed1ac73393b0f7ce71261890e9c5a1
squashfs-tools-debuginfo-4.4-10.git1.el9.s390x.rpm	SHA-256: 127f51057e6048c7a58237db3285e7ea263467964e25737754284b739f10af9a
squashfs-tools-debugsource-4.4-10.git1.el9.s390x.rpm	SHA-256: ea3480b96583818e0b78a5b85d9320325b14bb0a1808db2bccc19805ed31b46f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
s390x
squashfs-tools-4.4-10.git1.el9.s390x.rpm	SHA-256: 41eabee74f9bd0a52fdaebf336bb97a7a0ed1ac73393b0f7ce71261890e9c5a1
squashfs-tools-debuginfo-4.4-10.git1.el9.s390x.rpm	SHA-256: 127f51057e6048c7a58237db3285e7ea263467964e25737754284b739f10af9a
squashfs-tools-debugsource-4.4-10.git1.el9.s390x.rpm	SHA-256: ea3480b96583818e0b78a5b85d9320325b14bb0a1808db2bccc19805ed31b46f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
s390x
squashfs-tools-4.4-10.git1.el9.s390x.rpm	SHA-256: 41eabee74f9bd0a52fdaebf336bb97a7a0ed1ac73393b0f7ce71261890e9c5a1
squashfs-tools-debuginfo-4.4-10.git1.el9.s390x.rpm	SHA-256: 127f51057e6048c7a58237db3285e7ea263467964e25737754284b739f10af9a
squashfs-tools-debugsource-4.4-10.git1.el9.s390x.rpm	SHA-256: ea3480b96583818e0b78a5b85d9320325b14bb0a1808db2bccc19805ed31b46f

Red Hat Enterprise Linux for Power, little endian 9

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
ppc64le
squashfs-tools-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 5c4dfc832f18334da49973b5570ffff33fbb278a145cf4a19eb53132bb7233ff
squashfs-tools-debuginfo-4.4-10.git1.el9.ppc64le.rpm	SHA-256: c31cc42878d8d74b9da020681d99ec7e0d126c7bfc6a00364d96358df4f6d93f
squashfs-tools-debugsource-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 182e5cfd53f5bf561f7f30f1d340e01d9a64d30a5f802acd3651c747cd9b5616

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
ppc64le
squashfs-tools-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 5c4dfc832f18334da49973b5570ffff33fbb278a145cf4a19eb53132bb7233ff
squashfs-tools-debuginfo-4.4-10.git1.el9.ppc64le.rpm	SHA-256: c31cc42878d8d74b9da020681d99ec7e0d126c7bfc6a00364d96358df4f6d93f
squashfs-tools-debugsource-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 182e5cfd53f5bf561f7f30f1d340e01d9a64d30a5f802acd3651c747cd9b5616

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
ppc64le
squashfs-tools-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 5c4dfc832f18334da49973b5570ffff33fbb278a145cf4a19eb53132bb7233ff
squashfs-tools-debuginfo-4.4-10.git1.el9.ppc64le.rpm	SHA-256: c31cc42878d8d74b9da020681d99ec7e0d126c7bfc6a00364d96358df4f6d93f
squashfs-tools-debugsource-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 182e5cfd53f5bf561f7f30f1d340e01d9a64d30a5f802acd3651c747cd9b5616

Red Hat Enterprise Linux for ARM 64 9

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
aarch64
squashfs-tools-4.4-10.git1.el9.aarch64.rpm	SHA-256: f978a6e77635ba6cb4159fc7e6fe128a37efd715bc6a4a1ac77f218c7da9072e
squashfs-tools-debuginfo-4.4-10.git1.el9.aarch64.rpm	SHA-256: 85ca471dc005faadb63a974170f1a2f2e7ff18e31d961a70a072fd8cc027f054
squashfs-tools-debugsource-4.4-10.git1.el9.aarch64.rpm	SHA-256: 7151ea9401f853ecd20de369cecacdc49fbe5fd91a0353a03ec34bc512c64fe2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
aarch64
squashfs-tools-4.4-10.git1.el9.aarch64.rpm	SHA-256: f978a6e77635ba6cb4159fc7e6fe128a37efd715bc6a4a1ac77f218c7da9072e
squashfs-tools-debuginfo-4.4-10.git1.el9.aarch64.rpm	SHA-256: 85ca471dc005faadb63a974170f1a2f2e7ff18e31d961a70a072fd8cc027f054
squashfs-tools-debugsource-4.4-10.git1.el9.aarch64.rpm	SHA-256: 7151ea9401f853ecd20de369cecacdc49fbe5fd91a0353a03ec34bc512c64fe2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
aarch64
squashfs-tools-4.4-10.git1.el9.aarch64.rpm	SHA-256: f978a6e77635ba6cb4159fc7e6fe128a37efd715bc6a4a1ac77f218c7da9072e
squashfs-tools-debuginfo-4.4-10.git1.el9.aarch64.rpm	SHA-256: 85ca471dc005faadb63a974170f1a2f2e7ff18e31d961a70a072fd8cc027f054
squashfs-tools-debugsource-4.4-10.git1.el9.aarch64.rpm	SHA-256: 7151ea9401f853ecd20de369cecacdc49fbe5fd91a0353a03ec34bc512c64fe2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
ppc64le
squashfs-tools-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 5c4dfc832f18334da49973b5570ffff33fbb278a145cf4a19eb53132bb7233ff
squashfs-tools-debuginfo-4.4-10.git1.el9.ppc64le.rpm	SHA-256: c31cc42878d8d74b9da020681d99ec7e0d126c7bfc6a00364d96358df4f6d93f
squashfs-tools-debugsource-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 182e5cfd53f5bf561f7f30f1d340e01d9a64d30a5f802acd3651c747cd9b5616

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
ppc64le
squashfs-tools-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 5c4dfc832f18334da49973b5570ffff33fbb278a145cf4a19eb53132bb7233ff
squashfs-tools-debuginfo-4.4-10.git1.el9.ppc64le.rpm	SHA-256: c31cc42878d8d74b9da020681d99ec7e0d126c7bfc6a00364d96358df4f6d93f
squashfs-tools-debugsource-4.4-10.git1.el9.ppc64le.rpm	SHA-256: 182e5cfd53f5bf561f7f30f1d340e01d9a64d30a5f802acd3651c747cd9b5616

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
x86_64
squashfs-tools-4.4-10.git1.el9.x86_64.rpm	SHA-256: a892b543eca94673ae19b1948d37ce515d70ddccd89f30794cae5c8931b74c43
squashfs-tools-debuginfo-4.4-10.git1.el9.x86_64.rpm	SHA-256: 3218968942cc79cf4f7e538379b9ed2046de2f70199fcd2d013f6c33a4a16074
squashfs-tools-debugsource-4.4-10.git1.el9.x86_64.rpm	SHA-256: cacee6bf5fb0aea84d59c38e87d8cfdb5f3b591e770e4c5bac438b5febc1c9ec

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
aarch64
squashfs-tools-4.4-10.git1.el9.aarch64.rpm	SHA-256: f978a6e77635ba6cb4159fc7e6fe128a37efd715bc6a4a1ac77f218c7da9072e
squashfs-tools-debuginfo-4.4-10.git1.el9.aarch64.rpm	SHA-256: 85ca471dc005faadb63a974170f1a2f2e7ff18e31d961a70a072fd8cc027f054
squashfs-tools-debugsource-4.4-10.git1.el9.aarch64.rpm	SHA-256: 7151ea9401f853ecd20de369cecacdc49fbe5fd91a0353a03ec34bc512c64fe2

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
aarch64
squashfs-tools-4.4-10.git1.el9.aarch64.rpm	SHA-256: f978a6e77635ba6cb4159fc7e6fe128a37efd715bc6a4a1ac77f218c7da9072e
squashfs-tools-debuginfo-4.4-10.git1.el9.aarch64.rpm	SHA-256: 85ca471dc005faadb63a974170f1a2f2e7ff18e31d961a70a072fd8cc027f054
squashfs-tools-debugsource-4.4-10.git1.el9.aarch64.rpm	SHA-256: 7151ea9401f853ecd20de369cecacdc49fbe5fd91a0353a03ec34bc512c64fe2

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
s390x
squashfs-tools-4.4-10.git1.el9.s390x.rpm	SHA-256: 41eabee74f9bd0a52fdaebf336bb97a7a0ed1ac73393b0f7ce71261890e9c5a1
squashfs-tools-debuginfo-4.4-10.git1.el9.s390x.rpm	SHA-256: 127f51057e6048c7a58237db3285e7ea263467964e25737754284b739f10af9a
squashfs-tools-debugsource-4.4-10.git1.el9.s390x.rpm	SHA-256: ea3480b96583818e0b78a5b85d9320325b14bb0a1808db2bccc19805ed31b46f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
squashfs-tools-4.4-10.git1.el9.src.rpm	SHA-256: a8f3e58f77b03b2a161ccbe7f3579cc3b0e444c7b07ddf5d310596f871f78ca8
s390x
squashfs-tools-4.4-10.git1.el9.s390x.rpm	SHA-256: 41eabee74f9bd0a52fdaebf336bb97a7a0ed1ac73393b0f7ce71261890e9c5a1
squashfs-tools-debuginfo-4.4-10.git1.el9.s390x.rpm	SHA-256: 127f51057e6048c7a58237db3285e7ea263467964e25737754284b739f10af9a
squashfs-tools-debugsource-4.4-10.git1.el9.s390x.rpm	SHA-256: ea3480b96583818e0b78a5b85d9320325b14bb0a1808db2bccc19805ed31b46f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.