Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 33 2020-a0b24e9377 Critical F2FS Tools Logic Flaw Fix

fedora
Calendar Grey September 27, 2020
Dist Fedora Esm H88
The recent F2FS-tools enhancement for Fedora 33 addresses a computational inconsistency that could result in possible security vulnerabilities. More information can be found here.
Update to 1.14.0

Summary

NAND flash memory-based storage devices, such as SSD, and SD cards,

have been widely being used for ranging from mobile to server systems.

Since they are known to have different characteristics from the

conventional rotational disks,a file system, an upper layer to

the storage device, should adapt to the changes

from the sketch.

F2FS is a new file system carefully designed for the

NAND flash memory-based storage devices.

We chose a log structure file system approach,

but we tried to adapt it to the new form of storage.

Also we remedy some known issues of the very old log

structured file system, such as snowball effect

of wandering tree and high cleaning overhead.

Because a NAND-based storage device shows different characteristics

according to its internal geometry or flash memory management

scheme aka FTL, we add various parameters not only for configuring

on-disk layout, but also for selecting allocation

and cleaning algorithms.

Update to 1.14.0

* Thu Sep 24 2020 Peter Robinson - 1.14.0-1

- Update to 1.14.0

[ 1 ] Bug #1861729 - CVE-2020-6070 f2fs-tools: specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1861729

su -c 'dnf upgrade --advisory FEDORA-2020-a0b24e9377' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update critical Fedora code execution logic flaw F2FS tools

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 1.14.0
Release: 1.fc33
URL: https://sourceforge.net/projects/f2fs-tools/
Summary: Tools for Flash-Friendly File System (F2FS)

Topics%20covered

Topics Covered

security advisory update critical Fedora code execution logic flaw F2FS tools

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here