Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in f2fs-tools
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in f2fs-tools
ID: FEDORA-2020-a0b24e9377
Distribution: Fedora
Plattformen: Fedora 33
Datum: Mo, 28. September 2020, 21:04
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6070
Applikationen: f2fs-tools

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-a0b24e9377
2020-09-28 00:14:30.730644
-------------------------------------------------------------------------------
-

Name : f2fs-tools
Product : Fedora 33
Version : 1.14.0
Release : 1.fc33
URL : http://sourceforge.net/projects/f2fs-tools/
Summary : Tools for Flash-Friendly File System (F2FS)
Description :
NAND flash memory-based storage devices, such as SSD, and SD cards,
have been widely being used for ranging from mobile to server systems.
Since they are known to have different characteristics from the
conventional rotational disks,a file system, an upper layer to
the storage device, should adapt to the changes
from the sketch.

F2FS is a new file system carefully designed for the
NAND flash memory-based storage devices.
We chose a log structure file system approach,
but we tried to adapt it to the new form of storage.
Also we remedy some known issues of the very old log
structured file system, such as snowball effect
of wandering tree and high cleaning overhead.

Because a NAND-based storage device shows different characteristics
according to its internal geometry or flash memory management
scheme aka FTL, we add various parameters not only for configuring
on-disk layout, but also for selecting allocation
and cleaning algorithms.

-------------------------------------------------------------------------------
-
Update Information:

Update to 1.14.0
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Sep 24 2020 Peter Robinson <pbrobinson@fedoraproject.org> -
1.14.0-1
- Update to 1.14.0
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1861729 - CVE-2020-6070 f2fs-tools: specially crafted f2fs file
can cause a logic flaw and out-of-bounds heap operations, resulting in code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1861729
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-a0b24e9377' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung