|
|
Subscribe / Log in / New account

squashfs-tools: two vulnerabilities

Package(s):squashfs-tools CVE #(s):CVE-2015-4645 CVE-2015-4646
Created:July 20, 2015 Updated:January 30, 2017
Description: From the sasquatch advisory:

CVE-2015-4645: The first problem overflows the bytes variable, so that the allocation of fragments_bytes[] has an erroneous size.

int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
...
fragment_table = malloc(bytes);

CVE-2015-4646: If we fix this by making the variable size_t, we run into an unrelated problem in which the stack VLA allocation of fragment_table_index[] can easily exceed RLIMIT_STACK.

Alerts:
Gentoo 201701-73 squashfs-tools 2017-01-29
Mageia MGASA-2015-0335 squashfs-tools 2015-09-08
Fedora FEDORA-2015-10760 squashfs-tools 2015-07-21
Fedora FEDORA-2015-10750 squashfs-tools 2015-07-19
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds