Fedora has issued an advisory on January 7: http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097293.html Cauldron is not affected as this was fixed upstream in 4.0.1.
CC: (none) => pierre-malo.denielou
Assignee: bugsquad => pierre-malo.denielou
I will provide an update to 4.0.1 for mageia 2 then.
Status: NEW => ASSIGNED
I have uploaded an updated package for Mageia 2, just like fedora did. To test this, please have a look at the first link. Suggested advisory: ======================== Updated sleuthkit packages fix security vulnerabilities: A security flaw was found in the way the Sleuth Kit (TSK), a collection of UNIX-based command line tools allowing to investigate a computer, performed management of '.' (dotfile) file system entry. An attacker could use this flaw to evade detection by forensic analysis (hide certain files not to be scanned) by renaming the file in question it to be '.' file system entry. The original reports speaks about this attack vector to be present when scanning FAT (File Allocation Table) file system. It is possible though, the flaw to be present on other file systems, which do not reserve usage of '.' entry for special purpose, too. References: http://www.openwall.com/lists/oss-security/2012/12/01/2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5619 https://bugzilla.redhat.com/show_bug.cgi?id=883330 ======================== Updated packages in core/updates_testing: ======================== sleuthkit-4.0.1-1.mga2 lib(64)tsk3_9-4.0.1-1.mga2 lib64tsk3-devel-4.0.1-1.mga2 Source RPM: sleuthkit-4.0.1-1.mga2
Assignee: pierre-malo.denielou => qa-bugs
PoC @ http://sourceforge.net/tracker/?func=detail&aid=3523019&group_id=55685&atid=477889
tested on x86_64 using the PoC from Claire: before update: [root@MGA2_64 marc]# fls -V The Sleuth Kit ver 3.2.3 [root@MGA2_64 marc]# fls -a empty.img v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles [root@MGA2_64 marc]# fls -a file.img r/r 3: FILE.TXT v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles [root@MGA2_64 marc]# fls -a dot.img r/d 2: . v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles after update: [root@MGA2_64 marc]# fls -V The Sleuth Kit ver 4.0.1 [root@MGA2_64 marc]# fls -a empty.img v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles [root@MGA2_64 marc]# fls -a file.img r/r 3: FILE.TXT v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles [root@MGA2_64 marc]# fls -a dot.img r/d 2: . v/v 1612675: $MBR v/v 1612676: $FAT1 v/v 1612677: $FAT2 d/d 1612678: $OrphanFiles I do not see any differences and cannot interpret the result ;) Is that good, or not?
CC: (none) => marc.lattemann
same results for i586. If this is fine, than package can be validated...
Strange, looks to me like you got the good/desired output from both.
Since after major version jump the new version is not vulnerable I will validate this package: Please see Comment 2 for advisory and SRPMS. Can sysadmin push package to update? Thanks.
Keywords: (none) => validated_updateCC: marc.lattemann => sysadmin-bugsWhiteboard: (none) => MGA2-64-OK, MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0031
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED