Mageia 7 MGASA-2020-0436 Moderate: fsck.f2fs Code Execution Risk

mageia

November 23, 2020

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0

Summary

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2020-6070).

References

- https://bugs.mageia.org/show_bug.cgi?id=27413

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3SZ4HMQKNI35NBWJI6XMJBGWPEKZRR72/

- https://www.cve.org/CVERecord?id=CVE-2020-6070

Topics Covered

security advisory code execution mageia logic flaw fsck.f2fs heap operations

Resolution

SRPMS

- 7/core/f2fs-tools-1.14.0-1.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 23 Nov 2020

URL: https://advisories.mageia.org/MGASA-2020-0436.html

Type: security

CVE: CVE-2020-6070

Topics Covered

security advisory code execution mageia logic flaw fsck.f2fs heap operations

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 7 MGASA-2020-0436 Moderate: fsck.f2fs Code Execution Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 7 MGASA-2020-0436 Moderate: fsck.f2fs Code Execution Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!