GParted News Item 184
18 December 2014: CVE-2014-7208 Unsafe OS command execution in GParted <= 0.14.1
A security vulnerability has been found in GParted versions <= 0.14.1. The vulnerability does not exist in GParted 0.15.0 and higher.
See the public announcement of the security vulnerability by Wolfgang Ettlinger on 2014-12-18.
The GParted team thanks Wolfgang Ettlinger (discovery, analysis) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them.
Additionally, the GParted team thanks all persons involved for handling the security vulnerability in a professional manner. Further, I personally thank Mike Fleetwood for all his work on this issue and for developing patches to address the vulnerability in multiple GParted versions.
More details, including the patches to address the vulnerability in GParted 0.4.2 to 0.14.1 inclusive, can be found at the following link:
Bug 740161 - CVE-2014-7208 Unsafe OS command execution in GParted <= 0.14.1
Curtis