Univention Bugzilla – Bug 52793
gdisk: Multiple issues (4.4)
Last modified: 2021-02-17 16:53:40 CET
New Debian gdisk 1.0.1-1+deb9u1 fixes: This update addresses the following issues: * In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864 (CVE-2020-0256) * In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. (CVE-2021-0308)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/gdisk_1.0.1-1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/gdisk_1.0.1-1+deb9u1.dsc @@ -1,3 +1,11 @@ +1.0.1-1+deb9u1 [Mon, 08 Feb 2021 12:46:50 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch to fix segfault on some weird data structures. + (Fixes: CVE-2020-0256) + * Add patch to fix a bug that could cause crash if a + badly-formatted MBR disk was read. (Fixes: CVE-2021-0308) + 1.0.1-1 [Fri, 23 Oct 2015 21:36:17 +0200] Guillaume Delacour <gui@iroqwa.org>: * New upstream release, drop included patches: <http://10.200.17.11/4.4-7/#2029252238055080903>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] affd10b0d0 Bug #52793: gdisk 1.0.1-1+deb9u1 doc/errata/staging/gdisk.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) [4.4-7] 752d4ce03c Bug #52793: gdisk 1.0.1-1+deb9u1 doc/errata/staging/gdisk.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x895>