Updated sleuthkit packages fix security vulnerability
Publication date: 27 May 2020Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14532 , CVE-2020-10233
Description
Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table (CVE-2019-14532). In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c (CVE-2020-10233).
References
SRPMS
7/core
- sleuthkit-4.9.0-1.mga7