advisories/26336.adv

type: security
subject: Updated sleuthkit packages fix security vulnerability
CVE:
 - CVE-2020-10232
src:
  7:
   core:
     - sleuthkit-4.6.6-1.1.mga7
description: |
  Updated sleuthkit packages fix security vulnerability:

  In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack
  buffer overflow vulnerability in the YAFFS file timestamp parsing logic
  in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26336
 - https://www.debian.org/lts/security/2020/dla-2137
ID: MGASA-2020-0143
1	type: security
2	subject: Updated sleuthkit packages fix security vulnerability
3	CVE:
4	- CVE-2020-10232
5	src:
6	7:
7	core:
8	- sleuthkit-4.6.6-1.1.mga7
9	description: \|
10	Updated sleuthkit packages fix security vulnerability:
11
12	In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack
13	buffer overflow vulnerability in the YAFFS file timestamp parsing logic
14	in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=26336
17	- https://www.debian.org/lts/security/2020/dla-2137
18	ID: MGASA-2020-0143