Branch sisyphus update bulletin.

Package sleuthkit updated to version 4.6.7-alt1 for branch sisyphus in task 237275.

Published: 2019-08-02
Modified: 2024-11-21

CVE-2019-14531

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://github.com/sleuthkit/sleuthkit/issues/1576
https://github.com/sleuthkit/sleuthkit/issues/1576

Published: 2019-08-02
Modified: 2024-11-21

CVE-2019-14532

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://github.com/sleuthkit/sleuthkit/issues/1575
https://github.com/sleuthkit/sleuthkit/issues/1575
FEDORA-2020-94c2f78e0c
FEDORA-2020-94c2f78e0c
FEDORA-2020-6e3e0c6386
FEDORA-2020-6e3e0c6386
FEDORA-2020-1dd340ab85
FEDORA-2020-1dd340ab85

Version: 2.1.0

Branch sisyphus update on 2019-09-09

ALT-BU-2019-3933-1

ALT-PU-2019-2661-1

Closed vulnerabilities

CVE-2019-14531

CVE-2019-14532