gdisk 1.0.6 has been released on January 13, fixing two security issues:
https://sourceforge.net/p/gptfdisk/code/ci/6180deb472c302c47f4d4acff8f2123d10824364/tree/NEWS

Freeze push requested for Cauldron. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 1.0.6
Well, you seem to have already updated Cauldron!
1.0.6 (fixes CVE-2020-0256 and CVE-2021-0308)

Assigning to David G for M7 as committer of previous versions of this.
Assignee: bugsquad => geiger.david68210
gdisk-1.0.6-1.mga8 uploaded for Cauldron.
Source RPM: gdisk-1.0.5-1.mga8.src.rpm => gdisk-1.0.4-1.mga7.src.rpm
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Done for mga7!
Advisory:
========================

Updated gdisk package fixes security vulnerabilities:

A bug that could cause segfault if GPT header claimed partition entries are oversized (CVE-2020-0256).

A bug that could cause a crash if a badly-formatted MBR disk was read (CVE-2021-0308).

The gdisk package has been updated to version 1.0.6, fixing these issues and several other bugs. See the upstream NEWS file for details.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0308
https://sourceforge.net/p/gptfdisk/code/ci/6180deb472c302c47f4d4acff8f2123d10824364/tree/NEWS
========================

Updated packages in core/updates_testing:
========================
gdisk-1.0.6-1.mga7

from gdisk-1.0.6-1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
Status comment: Fixed upstream in 1.0.6 => (none)
MGA7-x86-64 MATE on Peaq C1011
No installation issues

At CLI as root
# blkid
/dev/mmcblk1: PTUUID="bed65990-56c9-435e-b6ce-51d3b38294cc" PTTYPE="gpt"
/dev/mmcblk1p1: UUID="A0CD-ECFF" TYPE="vfat" PARTUUID="8e5b974f-8fd8-477a-a3f3-fffc574edc8f"
/dev/mmcblk1p2: UUID="388c3231-b6dd-4ab6-a9f8-b43efe5d8956" TYPE="ext4" PARTUUID="24251176-1bb9-445f-b972-ccae589ab983"
/dev/mmcblk1p3: UUID="edb8007b-ab87-4f31-ae51-52e8c0663640" TYPE="swap" PARTUUID="b8642841-31de-40e5-a944-b2bcd0f039f0"
/dev/mmcblk1p4: UUID="f6a8af6b-ab07-4a42-9e28-f787ca982534" TYPE="ext4" PARTUUID="3665ae7e-b260-4709-9caa-0784ffb9c205"
/dev/mmcblk1p5: UUID="d4d0fdcc-db47-4921-b364-3a0e9ae106f1" TYPE="ext4" PARTUUID="d71b79a4-36f8-41ca-b686-b02803529c1b"

# gdisk /dev/mmcblk1
GPT fdisk (gdisk) version 1.0.6

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help): ?
b back up GPT data to a file
c change a partition's name
d delete a partition
i show detailed information on a partition
l list known partition types
n add a new partition
o create a new empty GUID partition table (GPT)
p print the partition table
q quit without saving changes
r recovery and transformation options (experts only)
s sort partitions
t change a partition's type code
v verify disk
w write table to disk and exit
x extra functionality (experts only)
? print this menu

Command (? for help): i
Partition number (1-5): 1
Partition GUID code: C12A7328-F81F-11D2-BA4B-00A0C93EC93B (EFI system partition)
Partition unique GUID: 8E5B974F-8FD8-477A-A3F3-FFFC574EDC8F
First sector: 2048 (at 1024.0 KiB)
Last sector: 1024033 (at 500.0 MiB)
Partition size: 1021986 sectors (499.0 MiB)
Attribute flags: 0000000000000000
Partition name: ''

Command (? for help): q

I have no spare space on this disk to fiddle around with, so unless someone objects, this is good enough for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory pushed to SVN.
CVE: (none) => CVE-2020-0256, CVE-2021-0308
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0073.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Debian-LTS has issued an advisory for this on February 11: https://www.debian.org/lts/security/2021/dla-2549