-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2549-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta February 08, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : gdisk Version : 1.0.1-1+deb9u1 CVE ID : CVE-2020-0256 CVE-2021-0308 CVE-2020-0256 In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. CVE-2021-0308 In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. For Debian 9 stretch, these problems have been fixed in version 1.0.1-1+deb9u1. We recommend that you upgrade your gdisk packages. For the detailed security status of gdisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gdisk Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAg8D0ACgkQgj6WdgbD S5ZsKxAA52qngks1TdNG8hb0fA4uY3WliS+bpcL/OpRuHHmlsPrXZYRicp8xRP7t S0uzpPeDFK+K+nFxGLZ2C6nR4+BlnAmWiATY7269oJR4sA9uT6rkNVAH6Sh/jfG2 TXhoyN+zz1LZK1QXDzZOn+nG5e40gPmxKyW09N+rNdlQ5SUrbiLak8HlIBllkUOI c+mU0jvlxGpEJuWX6qCxpe5YMraKKgP6rFwtJUivvY8RMNukxD5DCNBCd8OEbkXt 6axQoVUKheZmagoRbxGnuzlyiTbdnXjSer9CknO6Pl4Fbn/GKKM4hfN2NUbsIHR3 /wLMKgkeFObOMiTAWOQeVWD5W5UrFG2wxZL/2YhIGTRy8JXemvft2kr4klErqxyD FtzaY/2Bc4CSgM3eBQLz8cUZ1fkYEr9Jr/JSDluHuhK9KcZ/eHHKVwHMlsHKSRYw 42cYiAeT5iZGISOKhLTTW/ViVjE/XhhlLwMLCBepK2nsOzhCUPZWQAe3k8BfPknG DU7TlFXgS7n1E6trr4mOxEQ+u+sL1t3cbaob0UTDlRoSaf7qj2kgXs7Bv7/ruiTq L/1aA3jwzE8OqnfWZM/3z1AWOef6g/AM8wJZ8XrIofb2gyd91bsnz9jltgdodExV qIr7QGsN38FshZFpwjge5w+8Y3Ji3k2cIJOqHi7cUtjkaV8WA0o= =sL3n -----END PGP SIGNATURE-----