Advisories » MGASA-2020-0143

Updated sleuthkit packages fix security vulnerability

Publication date: 18 Mar 2020
Modification date: 18 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10232

Description

Updated sleuthkit packages fix security vulnerability:

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack
buffer overflow vulnerability in the YAFFS file timestamp parsing logic
in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26336
• https://www.debian.org/lts/security/2020/dla-2137
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10232

SRPMS

7/core

• sleuthkit-4.6.6-1.1.mga7