Advisories » MGASA-2015-0335

Updated squashfs-tools packages fix security vulnerabilities

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4645 , CVE-2015-4646

Description

Updated squashfs-tools package fixes security vulnerabilities:

The unsquashfs command from squashfs-tools is vulnerable to integer
(CVE-2015-4645) and stack (CVE-2015-4646) overflows.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16427
• https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4645
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4646

SRPMS

4/core

• squashfs-tools-4.2-7.1.mga4

5/core

• squashfs-tools-4.3-4.1.mga5