Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia 7: MGASA-2020-0234 Moderate: Sleuthkit Off-By-One Issue

mageia
Calendar Grey May 27, 2020
Dist Mageia Esm H88
Recent updates to sleuthkit packages in Mageia tackle significant security issues. Refer to the advisory for comprehensive details and resolution steps.
Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit (TSK) 4.6.6

Summary

Updated sleuthkit packages fix security vulnerabilities:
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table (CVE-2019-14532).
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c (CVE-2020-10233).

References

- https://bugs.mageia.org/show_bug.cgi?id=26654

- https://www.cve.org/CVERecord?id=CVE-2019-14532

- https://www.cve.org/CVERecord?id=CVE-2020-10233

Resolution

SRPMS

- 7/core/sleuthkit-4.9.0-1.mga7

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0234.html
Type: security
CVE: CVE-2019-14532, CVE-2020-10233

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here