#14512 closed enhancement (fixed)
gptfdisk-1.0.6
| Reported by: | Bruce Dubbs | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
https://sourceforge.net/projects/gptfdisk/files/gptfdisk/1.0.6/
Change History (4)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:4 by , 4 years ago
| Priority: | normal → high |
|---|
Contains a fix for CVE-2021-0308
Arch Linux Security Advisory ASA-202101-34 ========================================== Severity: Medium Date : 2021-01-20 CVE-ID : CVE-2021-0308 Package : gptfdisk Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1435 Summary ======= The package gptfdisk before version 1.0.6-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.0.6-1. # pacman -Syu "gptfdisk>=1.0.6-1" The problem has been fixed upstream in version 1.0.6. Workaround ========== None. Description =========== A security issue was found in GPT fdisk before version 1.0.6. In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. Impact ====== A badly formatted MBR disk could execute arbitrary code. References ========== https://source.android.com/security/bulletin/2021-01-01#system https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5%5E! https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29/ https://security.archlinux.org/CVE-2021-0308
Note:
See TracTickets
for help on using tickets.
1.0.6 (1/13/2021)—This version implements some bug fixes and minor improvements: Fixed a bug that could cause a segfault if the GPT header claimed partition entries were oversized. Fixed a bug that could cause a crash if the logical partitions on an MBR disk were mis-numbered. Fixed a bug that caused 32-bit versions of GPT fdisk for Unix-like OSes (including Linux) to fail when handling disks over 4 TiB in size. Fixed FreeBSD compilation, which broke somewhere along the way. Renamed the "Freedesktop $BOOT" partition to "XBOOTLDR partition", as the latter is now the official name used in Freedesktop documentation. Added several new type codes for Freedesktop definitions (0x8312 through 0x831C).