diff --git a/CVE-2020-10232.patch b/CVE-2020-10232.patch new file mode 100644 index 0000000000000000000000000000000000000000..733ab958c109a6f6ed586b8501fd4c913d97be7b --- /dev/null +++ b/CVE-2020-10232.patch @@ -0,0 +1,23 @@ +From 459ae818fc8dae717549810150de4d191ce158f1 Mon Sep 17 00:00:00 2001 +From: micrictor +Date: Sat, 22 Feb 2020 12:17:25 -0800 +Subject: [PATCH] Fix stack buffer overflow in yaffsfs_istat + +Prevent a stack buffer overflow in yaffsfs_istat by increasing the buffer size to the size required by tsk_fs_time_to_str. +--- + tsk/fs/yaffs.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tsk/fs/yaffs.cpp b/tsk/fs/yaffs.cpp +index 68d8b0219b..f5ec30a09d 100755 +--- a/tsk/fs/yaffs.cpp ++++ b/tsk/fs/yaffs.cpp +@@ -2439,7 +2439,7 @@ static uint8_t + YAFFSFS_INFO *yfs = (YAFFSFS_INFO *)fs; + char ls[12]; + YAFFSFS_PRINT_ADDR print; +- char timeBuf[32]; ++ char timeBuf[128]; + YaffsCacheObject * obj = NULL; + YaffsCacheVersion * version = NULL; + YaffsHeader * header = NULL; diff --git a/sleuthkit.spec b/sleuthkit.spec index d761d0b0219e2c9d965b0c4255a4a9bdc1143799..5df48cfad86397f33a7e8167319f20e05f5f7d61 100644 --- a/sleuthkit.spec +++ b/sleuthkit.spec @@ -1,6 +1,6 @@ Name: sleuthkit Version: 4.6.7 -Release: 12 +Release: 13 Summary: Tools for file system and volume forensic analysis License: CPL-1.0 AND IPL-1.0 AND GPL-2.0-or-later URL: http://www.sleuthkit.org @@ -23,6 +23,7 @@ Patch0012: 0012-fix_oob_read8.patch Patch0013: 0013-fix_oob_read13.patch #https://github.com/sleuthkit/sleuthkit/pull/2453/commits/beb68f543261a28ee25b945bb79d39213decd2cd Patch0014: 0014-Fixed-OOB-reads-in-hfs_dir_open_meta_cb.patch +Patch0015: CVE-2020-10232.patch BuildRequires: gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel @@ -97,6 +98,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %{_mandir}/man1/* %changelog +* Mon Sep 01 2025 Saisai Zhao - 4.6.7-13 +- Fix CVE-2020-10232 + * Thu Jun 13 2024 yao_xin - 4.6.7-12 - License compliance rectification