moderate: qt5-qtsvg/squashfs-tools security update
moderate
An update for qt5-qtsvg/squashfs-tools is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
qt5-qtsvg:
squashfs-tools:
Security Fix(es):
qt5-qtsvg: A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.(CVE-2023-32573)
qt5-qtsvg: bugfix
squashfs-tools: A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. During extraction, a file can escape the destination directory either via the '../' string to access the parent directory or via symlinks. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory.(CVE-2021-40153)
squashfs-tools: A directory traversal flaw was found in squashfs-tools. During extraction, a file can escape the destination directory by using a symbolic link, and a regular file with an identical name. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory.(CVE-2021-41072)
squashfs-tools: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.