ELA-360-1 gdisk security update

out-of-bounds write

2021-02-08
Packagegdisk
Version0.8.10-2+deb8u1
Related CVEs CVE-2020-0256 CVE-2021-0308

CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible
out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no
additional execution privileges needed.

CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible
out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no
additional execution privileges needed.

For Debian 8 jessie, these problems have been fixed in version 0.8.10-2+deb8u1.

We recommend that you upgrade your gdisk packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/