Advisories ยป MGASA-2020-0234

Updated sleuthkit packages fix security vulnerability

Publication date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14532 , CVE-2020-10233

Description

Updated sleuthkit packages fix security vulnerabilities:

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an
off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp
while using a bogus hash table (CVE-2019-14532).

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c
(CVE-2020-10233).
                

References

SRPMS

7/core