f2fs-tools: Multiple vulnerabilities — GLSA 202101-26

Multiple vulnerabilities have been found in f2fs-tools, the worst of which could result in the arbitrary execution of code.

Affected packages

sys-fs/f2fs-tools on all architectures
Affected versions < 1.14.0
Unaffected versions >= 1.14.0

Background

Tools for Flash-Friendly File System (F2FS).

Description

Multiple vulnerabilities have been discovered in f2fs-tools. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All f2fs-tools users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/f2fs-tools-1.14.0"
 

References

Release date
January 26, 2021

Latest revision
January 26, 2021: 1

Severity
normal

Exploitable
remote

Bugzilla entries