[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2137-1] sleuthkit security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sleuthkit
Version        : 4.1.3-4+deb8u2
CVE ID         : CVE-2020-10232


In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is
a stack buffer overflow vulnerability in the YAFFS file timestamp
parsing logic in yaffsfs_istat() in fs/yaffs.c.

For Debian 8 "Jessie", this problem has been fixed in version
4.1.3-4+deb8u2.

We recommend that you upgrade your sleuthkit packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5pEzoACgkQgj6WdgbD
S5aZSw//e19QZDANQpVNJGuRs4OapZ2CtpIhgY8jIADHNeEs8C6w0ytwzEjaaaQ8
pjWTGHEuthZ7rGsozv7rmyZmOp3rtVcrpRvfBTsarDLmgL/CmjFG2lp2It4E76Qd
T/T+7xZyunQTw4tELS/tdpB8mueG9lqNxB6KeQLb8WWs8v3gocuHdg/kGI/HmLuQ
gY3nhWoiGdQSfRfZXNOGO2OSL+z72UKdoCucfv7Cuydkj5lAsNO3U4KObaLwNwVz
Bnpk8FGf16EIY5bq2VNv/sIF0huEoMOpWZpI1VozPwqnRplWchguwn+G1ERE40v2
ha1t7pI/iu9svMuMjBD4F3ECOS7RiTDLaUIcIeMrDCdIvyNmOb397pPWC4/vrPs3
K+ctHekkn/5h0BWSbEZxm1FYlJRGePOR/mmZ0gJhRc0sf+hlVPasYVTkylIvGTIR
unUWFnC+qHTZXBjAAAkIPM9aZQvtTpBFMVCqo3GqNLKper9c5LJ1AVY+yUqpqHjT
X0jCof4Ak/TCJGobzBS4cLsp5G0IazU8VBRPCrVr0Jg3nzd8WHkMniCCI6P4y867
NGsZgUyduhcN4czCrqPT3M3ESD1nAUeQIjfkFhzdbNI7ucF6Y13mTtqx1I3Nmj+c
Uoc5rMNoVbZpyzqHLzlOOlTzcwQIHG7Rkgkx+ntDWUrszBMnBA0=
=WRSv
-----END PGP SIGNATURE-----


Reply to: