-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : sleuthkit Version : 4.1.3-4+deb8u1 CVE ID : CVE-2018-19497 Debian Bug : 914796
It was discovered that the Sleuth Kit (TSK) through version 4.6.4 is affected by a buffer over-read vulnerability. The tsk_getu16 call in hfs_dir_open_meta_cb (tsk/fs/hfs_dent.c) does not properly check boundaries. This vulnerability might be leveraged by remote attackers using crafted filesystem images to cause denial of service or any other unspecified behavior. For Debian 8 "Jessie", this problem has been fixed in version 4.1.3-4+deb8u1. We recommend that you upgrade your sleuthkit packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlwYIGkACgkQZYVUZx9w 0DRpSwf+I4o9JXqFz2AztMjg3Xe8tgWY8D804Bj2a4eZ5xZxcr4FzN2MirHxPnBV HiZ29H8DHuMv1NhXl5jTHZt5rANOkAzz3XavJyFIVKMRL6Wz8uMORSwt9QJS2Omm 4OGnbRtibknfMm76UAQ8lCo9bxLTKvdPJEhFizgK1fwRQJSLiAmnSOKkN1u6VFeB iflsMqX9DRwk7q4qBOfZomxY42HEApNdJ6S6bXM9qbBIDbM6w85EZ0tFE2qcjVOO 7A1DqNN1TjkNNtAQh5AbRNXlhh+BPrQI9QUnz1pxySCQcB+KVp33YiQ4lDN31Hgs 83VluIZwlKqd1hEjYT5thby+rrutZQ== =vCVP -----END PGP SIGNATURE-----