From Mageia wiki

MGASA-2013-0031

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated sleuthkit packages fix security vulnerabilities:

A security flaw was found in the way the Sleuth Kit (TSK), a collection of
UNIX-based command line tools for investigating a computer, handled the
'.' (dotfile) file system entry. An attacker could use this flaw to evade
detection by forensic analysis (hide certain files so that they are not
scanned) by renaming the file in question to the '.' file system entry.

The original report describes this attack vector as present when scanning
a FAT (File Allocation Table) file system. It is possible, though, that
the flaw is also present on other file systems that do not reserve the
'.' entry for a special purpose.
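
A triage check an examiner could run over the raw bytes of a FAT subdirectory, as an added example (not from this advisory or from the Sleuth Kit code base): it flags '.' entries that are not an ordinary self-link. The rule used here, that a legitimate '.' entry sits in the first slot of a subdirectory with the directory attribute and zero size, is an assumption taken from the FAT on-disk format; the function names and sample directories are constructed for illustration.

```python
import struct

ATTR_DIRECTORY = 0x10
ATTR_LFN = 0x0F
DOT_NAME = b".          "  # '.' padded to the 11-byte 8.3 name field


def suspicious_dot_entries(dir_bytes):
    """Return (slot, reason) for '.' entries that are not a normal self-link.

    dir_bytes: raw content of one FAT subdirectory (32-byte entries).
    """
    findings = []
    for off in range(0, len(dir_bytes) - 31, 32):
        entry = dir_bytes[off:off + 32]
        if entry[0] == 0x00:            # end-of-directory marker
            break
        attr = entry[11]
        if entry[0] == 0xE5 or (attr & 0x3F) == ATTR_LFN:
            continue                    # deleted entry or long-name slot
        if entry[:11] != DOT_NAME:
            continue
        slot = off // 32
        size = struct.unpack_from("<I", entry, 28)[0]
        if slot != 0:
            findings.append((slot, "'.' entry not in first slot"))
        elif not (attr & ATTR_DIRECTORY):
            findings.append((slot, "'.' entry lacks directory attribute"))
        elif size != 0:
            findings.append((slot, "'.' entry has non-zero size"))
    return findings


def make_entry(name11, attr, cluster=2, size=0):
    """Build a constructed 32-byte short directory entry for the samples."""
    return struct.pack("<11sB8xH4xHI", name11, attr,
                       cluster >> 16, cluster & 0xFFFF, size)


# Constructed sample directories (not taken from a real image).
DOT = make_entry(DOT_NAME, ATTR_DIRECTORY)
DOTDOT = make_entry(b"..         ", ATTR_DIRECTORY, cluster=0)
CLEAN_DIR = DOT + DOTDOT + make_entry(b"NOTES   TXT", 0x20, 5, 120) + bytes(32)
TAMPERED_DIR = DOT + DOTDOT + make_entry(DOT_NAME, 0x20, 9, 4096) + bytes(32)

if __name__ == "__main__":
    for label, data in (("clean", CLEAN_DIR), ("tampered", TAMPERED_DIR)):
        print(label, suspicious_dot_entries(data))
```
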


Updated Packages:
i586:
libtsk3_9-4.0.1-1.mga2.i586.rpm
libtsk3-devel-4.0.1-1.mga2.i586.rpm
sleuthkit-4.0.1-1.mga2.i586.rpm
sleuthkit-debug-4.0.1-1.mga2.i586.rpm

x86_64:
lib64tsk3_9-4.0.1-1.mga2.x86_64.rpm
lib64tsk3-devel-4.0.1-1.mga2.x86_64.rpm
sleuthkit-4.0.1-1.mga2.x86_64.rpm
sleuthkit-debug-4.0.1-1.mga2.x86_64.rpm

SRPMS:
sleuthkit-4.0.1-1.mga2.src.rpm


References:
http://www.openwall.com/lists/oss-security/2012/12/01/2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5619
https://bugzilla.redhat.com/show_bug.cgi?id=883330
https://bugs.mageia.org/show_bug.cgi?id=8800