This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
- Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
- Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
- Fix XATTR error message when an unrecognised prefix is
found
- Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
- Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
- Extended attribute handling improved in Mksquashfs and
Sqfstar
- New Pseudo file xattr definition to add extended
attributes to files.
- New xattrs-add Action to add extended attributes to files
- Extended attribute handling improved in Unsquashfs
- Other major improvements
- Unsquashfs can now output Pseudo files to standard out.
- Mksquashfs can now input Pseudo files from standard in.
- Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
- Pseudo files are now supported by Sqfstar.
- 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
- This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
- The -help text output from the utilities has been improved
and extended as well...