Test ID:	1.3.6.1.4.1.25623.1.1.2.2022.1414
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2022-1414)
Summary:	The remote host is missing an update for the Huawei EulerOS 'squashfs-tools' package(s) announced via the EulerOS-SA-2022-1414 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'squashfs-tools' package(s) announced via the EulerOS-SA-2022-1414 advisory. Vulnerability Insight: squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.(CVE-2021-41072) Affected Software/OS: 'squashfs-tools' package(s) on Huawei EulerOS Virtualization release 2.10.0. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41072 Debian Security Information: DSA-4987 (Google Search) https://www.debian.org/security/2021/dsa-4987 https://security.gentoo.org/glsa/202305-29 https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.