Fedora has issued an advisory on August 23: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VEGCW34ZQ2RZ3OUDKF3BGXNLDPAIX6YM/ The issues are fixed upstream in 4.6.2. Mageia 5 is also affected.
Done for mga6!
CC: (none) => geiger.david68210
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
Thanks David!

Advisory:
========================

Updated sleuthkit packages fix security vulnerabilities:

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls (CVE-2017-13755).

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls (CVE-2017-13756).

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a (CVE-2017-13760).

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service (CVE-2018-11737).

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack (CVE-2018-11738).

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack (CVE-2018-11739).

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack (CVE-2018-11740).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11740
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VEGCW34ZQ2RZ3OUDKF3BGXNLDPAIX6YM/
========================

Updated packages in core/updates_testing:
========================
sleuthkit-4.6.2-2.mga6
libtsk13-4.6.2-2.mga6
libtsk-devel-4.6.2-2.mga6

from sleuthkit-4.6.2-2.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
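A parser that follows DOS extended partition links recursively can be driven into unbounded recursion by a chain that points back at a table it has already read, which is the class of bug the advisory describes for dos_load_ext_table() (CVE-2017-13756). The C example below is added here for illustration and is not TSK code or the upstream fix: it walks the chain iteratively, remembers visited sectors, and caps the chain length. The names walk_ebr_chain, put_ebr, demo and MAX_EBR are hypothetical, and the four-sector image is constructed.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR  512
#define MAX_EBR 64              /* assumed chain cap, not a TSK constant */
enum { WALK_LOOP = -1, WALK_RANGE = -2, WALK_BADSIG = -3, WALK_DEPTH = -4 };

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Iteratively follow the extended partition chain starting at sector ext_base.
 * Returns the number of logical partitions, or a negative WALK_* code. */
int walk_ebr_chain(const uint8_t *img, uint32_t nsect, uint32_t ext_base) {
    uint32_t seen[MAX_EBR], cur = ext_base;
    int n_seen = 0, logical = 0;
    for (;;) {
        if (cur >= nsect) return WALK_RANGE;          /* link leaves the image */
        for (int i = 0; i < n_seen; i++)
            if (seen[i] == cur) return WALK_LOOP;     /* table already visited */
        if (n_seen == MAX_EBR) return WALK_DEPTH;     /* chain is too long */
        seen[n_seen++] = cur;
        const uint8_t *sec = img + (size_t)cur * SECTOR;
        if (sec[510] != 0x55 || sec[511] != 0xAA) return WALK_BADSIG;
        if (sec[446 + 4] != 0) logical++;             /* entry 0: logical partition */
        uint8_t t = sec[462 + 4];                     /* entry 1: link to next table */
        if (t != 0x05 && t != 0x0F && t != 0x85) return logical;
        uint32_t rel = le32(sec + 462 + 8);           /* offset relative to ext_base */
        if (rel > UINT32_MAX - ext_base) return WALK_RANGE;
        cur = ext_base + rel;
    }
}

/* Write one constructed table: a logical partition plus an optional link. */
static void put_ebr(uint8_t *sec, int has_link, uint32_t rel) {
    sec[446 + 4] = 0x83;
    if (has_link) { sec[462 + 4] = 0x05; sec[462 + 8] = (uint8_t)rel; }
    sec[510] = 0x55; sec[511] = 0xAA;
}

/* Constructed image: sector 1 links to sector 2; sector 2 links back if looped. */
int demo(int looped) {
    static uint8_t img[4 * SECTOR];
    memset(img, 0, sizeof img);
    put_ebr(img + 1 * SECTOR, 1, 1);
    put_ebr(img + 2 * SECTOR, looped, 0);
    return walk_ebr_chain(img, 4, 1);
}

int main(void) { return (demo(0) == 2 && demo(1) == WALK_LOOP) ? 0 : 1; }
```
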
Created attachment 10344
File for POC of CVE-2017-13756

$ mmls -t dos hang.img
CC: (none) => tarazed25
Created attachment 10345
POC tests before update
Still evaluating POC results. Some of what I interpreted as random access stuff may be benign output from the fls tool.
Created attachment 10346
Post-update POC tests
Mageia 6, x86_64

Tested the POCs then installed the updates and ran the POC tests again. The test reports make for tedious reading so they have been attached.

A full list of the tools can be seen at:
https://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview

$ fsstat Mageia-5.1-x86_64-DVD.iso
=== PRIMARY VOLUME DESCRIPTOR 1 ===
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: ISO9660
Volume Name: Mageia-5.1-x86_64
Volume Set Size: 1
Volume Set Sequence: 1
Publisher: MAGEIA
Data Preparer: MAGEIA BCD
Recording Application: MAGEIA 5.1
Copyright:

METADATA INFORMATION
--------------------------------------------
Path Table Location: 398-398
Inode Range: 0 - 4466
Root Directory Block: 20

CONTENT INFORMATION
--------------------------------------------
Sector Size: 2048
Block Size: 2048
Total Sector Range: 0 - 1917198
Total Block Range: 0 - 1917198

=== SUPPLEMENTARY VOLUME DESCRIPTOR 1 ===
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: ISO9660
Volume Name:
Volume Set Size: 1
Volume Set Sequence: 1
Publisher:
Data Preparer:
Recording Application:
Copyright:

METADATA INFORMATION
--------------------------------------------
Path Table Location: 677-677
Root Directory Block: 399
Joliet Name Encoding: UCS-2 Level 3

CONTENT INFORMATION
--------------------------------------------
Sector Size: 2048
Block Size: 2048
Total Sector Range: 0 - 1917198
Total Block Range: 0 - 1917198

$ fls -m -f Mageia-5.1-x86_64-DVD.iso
0|-f/EFI|1|d/d---------|0|0|2048|0|0|0|1422550559
0|-f/autorun.inf|2|r/r---------|0|0|80|0|0|0|1306509134
0|-f/boot.catalog|3|r/r---------|0|0|2048|0|0|0|1479821863
0|-f/dosutils|4|d/d---------|0|0|2048|0|0|0|1306510202
0|-f/isolinux|5|d/d---------|0|0|4096|0|0|0|1468018830
0|-f/x86_64|6|d/d---------|0|0|2048|0|0|0|1479813839
0|-f/$OrphanFiles|4466|V/V---------|0|0|0|0|0|0|0

$ img_stat Mageia-5.1-x86_64-DVD.iso
IMAGE FILE INFORMATION
--------------------------------------------
Image Type: raw

Size in bytes: 3926917120
Sector size: 512

$ icat -i list
Supported image format types:
raw (Single or split raw file (dd))
aff (Advanced Forensic Format)
afd (AFF Multiple File)
afm (AFF with external metadata)
afflib (All AFFLIB image formats (including beta ones))
ewf (Expert Witness Format (EnCase))

$ fls -f list
Supported file system types:
ntfs (NTFS)
fat (FAT (Auto Detection))
ext (ExtX (Auto Detection))
iso9660 (ISO9660 CD)
hfs (HFS+)
ufs (UFS (Auto Detection))
raw (Raw Data)
swap (Swap Space)
fat12 (FAT12)
fat16 (FAT16)
fat32 (FAT32)
exfat (exFAT)
ext2 (Ext2)
ext3 (Ext3)
ext4 (Ext4)
ufs1 (UFS1)
ufs2 (UFS2)
yaffs2 (YAFFS2)

That is about all I can figure out how to do.

Regarding the POC tests. Since this tester is not familiar with the expected output of the tools commands it is difficult to be certain if they all confirm the effectiveness of the patches. In a few cases they definitely do.

Assigning this a 64-bit OK.
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory
CC: (none) => tmb
Hoping nobody objects to the lack of i586 test - validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0368.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
This update also fixed CVE-2019-1010065: https://www.debian.org/lts/security/2022/dla-3054