Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 31: 2020-1dd340ab85 Moderate: Sleuthkit Buffer Overflow

fedora
Calendar Grey May 16, 2020
Dist Fedora Esm H88
The newest Ubuntu release tackles multiple concerns, featuring a notable security flaw in sleuthkit version 4.9.0 that has been classified as moderate.
Update to 4.9.0

Summary

The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that

allow you to investigate a computer. The current focus of the tools is the

file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,

and ISO 9660 file systems

Update to 4.9.0

* Fri May 8 2020 Nicolas Chauvet - 4.9.0-1

- Update to 4.9.0

* Tue Jan 28 2020 Nicolas Chauvet - 4.8.0-1

- Update to 4.8.0

* Thu Dec 19 2019 Nicolas Chauvet - 4.7.0-1

- Update to 4.7.0

[ 1 ] Bug #1752018 - CVE-2019-14532 sleuthkit: sleuth: off-by-one overwrite due to underflow in tools/hashtools/hfind.cpp [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752018

[ 2 ] Bug #1752019 - CVE-2019-14532 sleuthkit: sleuth: off-by-one overwrite due to underflow in tools/hashtools/hfind.cpp [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1752019

[ 3 ] Bug #1795752 - sleuthkit-4.9.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1795752

[ 4 ] Bug #1811819 - CVE-2020-10232 sleuthkit: Stack buffer overflow vulnerability in yaffsfs_istat() in fs/yaffs.c. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1811819

[ 5 ] Bug #1811820 - CVE-2020-10232 sleuthkit: Stack buffer overflow vulnerability in yaffsfs_istat() in fs/yaffs.c. [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1811820

[ 6 ] Bug #1811823 - CVE-2020-10233 sleuthkit: Heap based buffer overead in in ntfs_dinode_lookup() in fs/ntfs.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1811823

[ 7 ] Bug #1811824 - CVE-2020-10233 sleuthkit: Heap based buffer overead in in ntfs_dinode_lookup() in fs/ntfs.c [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1811824

su -c 'dnf upgrade --advisory FEDORA-2020-1dd340ab85' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow Fedora issue sleuthkit

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 4.9.0
Release: 1.fc31
URL: http://www.sleuthkit.org
Summary: The Sleuth Kit (TSK)

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow Fedora issue sleuthkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here