Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora: 30 FEDORA-2020-6e3e0c6386 Critical: Sleuth Kit Buffer Overflow

fedora
Calendar Grey May 16, 2020
Dist Fedora Esm H88
Sleuth Kit version 4.9.0 launched for Fedora 30, addressing buffer overflow vulnerabilities and enhancing functionality.
Update to 4.9.0

Summary

The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that

allow you to investigate a computer. The current focus of the tools is the

file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,

and ISO 9660 file systems

Update to 4.9.0

* Fri May 8 2020 Nicolas Chauvet - 4.9.0-1

- Update to 4.9.0

* Tue Jan 28 2020 Nicolas Chauvet - 4.8.0-1

- Update to 4.8.0

* Thu Dec 19 2019 Nicolas Chauvet - 4.7.0-1

- Update to 4.7.0

[ 1 ] Bug #1752018 - CVE-2019-14532 sleuthkit: sleuth: off-by-one overwrite due to underflow in tools/hashtools/hfind.cpp [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752018

[ 2 ] Bug #1752019 - CVE-2019-14532 sleuthkit: sleuth: off-by-one overwrite due to underflow in tools/hashtools/hfind.cpp [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1752019

[ 3 ] Bug #1795752 - sleuthkit-4.9.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1795752

[ 4 ] Bug #1811819 - CVE-2020-10232 sleuthkit: Stack buffer overflow vulnerability in yaffsfs_istat() in fs/yaffs.c. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1811819

[ 5 ] Bug #1811820 - CVE-2020-10232 sleuthkit: Stack buffer overflow vulnerability in yaffsfs_istat() in fs/yaffs.c. [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1811820

[ 6 ] Bug #1811823 - CVE-2020-10233 sleuthkit: Heap based buffer overead in in ntfs_dinode_lookup() in fs/ntfs.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1811823

[ 7 ] Bug #1811824 - CVE-2020-10233 sleuthkit: Heap based buffer overead in in ntfs_dinode_lookup() in fs/ntfs.c [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1811824

su -c 'dnf upgrade --advisory FEDORA-2020-6e3e0c6386' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software release security fix Sleuth Kit

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 4.9.0
Release: 1.fc30
URL: http://www.sleuthkit.org
Summary: The Sleuth Kit (TSK)

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software release security fix Sleuth Kit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here