Debian-LTS has issued an advisory on March 11:
https://www.debian.org/lts/security/2020/dla-2137

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from Debian and upstream
done for both Cauldron and mga7!
Advisory:
========================

Updated sleuthkit packages fix security vulnerability:

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10232
https://www.debian.org/lts/security/2020/dla-2137
========================

Updated packages in core/updates_testing:
========================
sleuthkit-4.6.6-1.1.mga7
libtsk13-4.6.6-1.1.mga7
libtsk-devel-4.6.6-1.1.mga7

from sleuthkit-4.6.6-1.1.mga7.src.rpm
CC: (none) => geiger.david68210
Whiteboard: MGA7TOO => (none)
Assignee: geiger.david68210 => qa-bugs
Version: Cauldron => 7
Status comment: Patch available from Debian and upstream => (none)
Source RPM: sleuthkit-4.8.0-2.mga8.src.rpm => sleuthkit-4.6.6-1.mga7.src.rpm
MGA7-64 Plasma on Lenovo B50
No installation issues.
Googling and reading man pages brought me to: insert USB mem stick, find device id in dolphin, and then

# fsstat /dev/sdb1 | more
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: FAT32

OEM Name: MSWIN4.1
Volume ID: 0x2313eff9
Volume Label (Boot Sector): KINGSTON
Volume Label (Root Directory):
File System Type Label: FAT32
Next Free Sector (FS Info): 292480
Free Sector Count (FS Info): 7531648

Sectors before file system: 8064

File System Layout (in sectors)
Total Range: 0 - 7823487
* Reserved: 0 - 47
** Boot Sector: 0
** FS Info Sector: 1
** Backup Boot Sector: 8
* FAT 0: 48 - 1959
* FAT 1: 1960 - 3871
* Data Area: 3872 - 7823487
** Cluster Area: 3872 - 7823487
*** Root Directory: 3872 - 3903

METADATA INFORMATION
--------------------------------------------
Range: 2 - 125113862
Root Directory: 2

CONTENT INFORMATION
--------------------------------------------
Sector Size: 512
Cluster Size: 16384
Total Cluster Range: 2 - 244364

FAT CONTENTS (in sectors)
--------------------------------------------
3872-3903 (32) -> EOF
3904-3935 (32) -> EOF
3936-4095 (160) -> EOF
and a long list .....

Looks OK, and then thought of checking older updates and found bug 23501 where Len did the same, so I feel comforted I made a good choice for testing.
OK for me.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
You beat me to it Herman. Found no obvious PoC for the overflow issue.
CC: (none) => tarazed25
Then we have a consensus. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0143.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED