Summary: | <app-forensics/sleuthkit-4.6.5: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gokturk |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=690194 https://bugs.gentoo.org/show_bug.cgi?id=711930 |
||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 711930, 721154 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2018-07-14 16:50:08 UTC
Bugs Fixed in 4.7 Release: http://www.sleuthkit.org/autopsy/history.php >Memory leaks and other issues revealed by fuzzing the The Sleuth Kit have been fixed. >Result views (upper right) and content views (lower right) stay in synch when switching result views. >Concurrency bugs in the ingest tasks scheduler have been fixed. >Assorted small bug fixes are included. (In reply to D'juan McDonald (domhnall) from comment #1) > Bugs Fixed in 4.7 Release: http://www.sleuthkit.org/autopsy/history.php > > That link is for Autopsy, not TSK. I don't see a version 4.7.0 for TSK. Moreover, I see no activity on the GitHub issue links. Can you double check please? (In reply to Göktürk Yüksek from comment #2) >Can you double check please? Just did and you're right. Was in a hurry and overlooked the TSK version. No changes upstream since then. Thanks Update: sleuthkit-4.6.3 now available. No fixes mentioned in changelogs wrt listed CVE. Upstream tickets 1264,1265,1266,1267 are still open with no activity since initial report. Changelog/NEWS.txt: Sleuthkit-4.6.3 " https://github.com/sleuthkit/sleuthkit/blob/sleuthkit-4.6.3/NEWS.txt --------------- VERSION 4.6.3 -------------- C/C++ Code: - Hashdb bug fixes for corrupt indexes and 0 hashes - New code for testing power of number in ExtX code Java Code: - New class that allows generic database access - New methods that check for duplicate artifacts - Added caches for frequently used content Database Schema: - Added Examiner table - Tags are now associated with Examiners - Changed parent_path for logical files to be consistent with FS files. " Upstream: CVE-2018-11740(https://github.com/sleuthkit/sleuthkit/issues/1264): > in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c CVE-2018-11739(https://github.com/sleuthkit/sleuthkit/issues/1267): >in the function raw_read in tsk/img/raw.c CVE-2018-11738(https://github.com/sleuthkit/sleuthkit/issues/1265): >in the function ntfs_make_data_run in tsk/fs/ntfs.c CVE-2018-11737(https://github.com/sleuthkit/sleuthkit/issues/1266): >in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp Gentoo Security Padawan (domhnall/mbailey_j) I just bumped sleuthkit to 4.6.4 (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e848842de5bfddc72ef014c13d97b62801b5b6fd). However, there's already a vulnerability bug open for this release (https://github.com/sleuthkit/sleuthkit/pull/1374). Allegedly it's CVE-2018-19497 but MITRE disagrees. We should keep an eye on it. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=117cb1fe33767577c267e12a721e7d47781edd85 commit 117cb1fe33767577c267e12a721e7d47781edd85 Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2018-11-29 18:07:42 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2018-11-29 18:07:42 +0000 app-forensics/sleuthkit: backport fix for CVE-2018-19497 to 4.6.4 Bug: https://bugs.gentoo.org/661160 Bug: https://github.com/sleuthkit/sleuthkit/pull/1374 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 .../sleuthkit-4.6.4-CVE-2018-19497-backport.patch | 83 ++++++++++++++++++++++ ...hkit-4.6.4.ebuild => sleuthkit-4.6.4-r1.ebuild} | 1 + 2 files changed, 84 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e26009a67724d3af2dbdaae47d1dcf2288c5539 commit 3e26009a67724d3af2dbdaae47d1dcf2288c5539 Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2019-01-24 19:44:24 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2019-01-24 20:17:39 +0000 app-forensics/sleuthkit: bump to 4.6.5 Also addresses CVE-2018-19497. Bug: https://bugs.gentoo.org/661160 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-forensics/sleuthkit/Manifest | 1 + app-forensics/sleuthkit/sleuthkit-4.6.5.ebuild | 255 +++++++++++++++++++++++++ 2 files changed, 256 insertions(+) @maintainer(s), ok to cleanup please? (In reply to Sam James (sec padawan) from comment #8) > @maintainer(s), ok to cleanup please? Uh. Stable. @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35a65cf8e9d105ff217d35c4ea0ba6f52b6ba74c commit 35a65cf8e9d105ff217d35c4ea0ba6f52b6ba74c Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-18 02:45:51 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-18 02:45:51 +0000 app-forensics/sleuthkit: drop vulnerable Bug: https://bugs.gentoo.org/661160 Signed-off-by: Aaron Bauman <bman@gentoo.org> app-forensics/sleuthkit/Manifest | 1 - app-forensics/sleuthkit/sleuthkit-4.5.0.ebuild | 169 ------------------------- 2 files changed, 170 deletions(-) |