ASA-202101-34 log original external raw

[ASA-202101-34] gptfdisk: arbitrary code execution
Arch Linux Security Advisory ASA-202101-34 ========================================== Severity: Medium Date : 2021-01-20 CVE-ID : CVE-2021-0308 Package : gptfdisk Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1435 Summary ======= The package gptfdisk before version 1.0.6-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.0.6-1. # pacman -Syu "gptfdisk>=1.0.6-1" The problem has been fixed upstream in version 1.0.6. Workaround ========== None. Description =========== A security issue was found in GPT fdisk before version 1.0.6. In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. Impact ====== A badly formatted MBR disk could execute arbitrary code. References ========== https://source.android.com/security/bulletin/2021-01-01#system https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5%5E! https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29/ https://security.archlinux.org/CVE-2021-0308