Debian 10261 Published by

A gdisk security update has been released for Debian GNU/Linux 8 Extended LTS to address two security issues.



ELA-360-1 gdisk security update


Package gdisk
Version 0.8.10-2+deb8u1
Related CVEs CVE-2020-0256 CVE-2021-0308

CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible
out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no
additional execution privileges needed.

CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible
out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no
additional execution privileges needed.
For Debian 8 jessie, these problems have been fixed in version 0.8.10-2+deb8u1.

We recommend that you upgrade your gdisk packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-360-1 gdisk security update