ArchLinux: 202101-34: gptfdisk: arbitrary code execution
Summary
A security issue was found in GPT fdisk before version 1.0.6. In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check.
Resolution
Upgrade to 1.0.6-1.
# pacman -Syu "gptfdisk>=1.0.6-1"
The problem has been fixed upstream in version 1.0.6.
References
https://source.android.com/docs/security/bulletin/2021-01-01 https://android.googlesource.com/platform/external/gptfdisk/+/a87dd6178cc6a58ab0ebc9dafbbe171017e1eebf! https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29/ https://security.archlinux.org/CVE-2021-0308
Workaround
None.