An update for sleuthkit is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2106 Final 1.0 1.0 2025-09-05 Initial 2025-09-05 2025-09-05 openEuler SA Tool V1.0 2025-09-05 sleuthkit security update An update for sleuthkit is now available for openEuler-22.03-LTS-SP4 The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, EXT3FS and ExFAT file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. Security Fix(es): In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.(CVE-2020-10232) An update for sleuthkit is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical sleuthkit https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2106 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-10232 https://nvd.nist.gov/vuln/detail/CVE-2020-10232 openEuler-22.03-LTS-SP4 sleuthkit-4.6.7-13.oe2203sp4.aarch64.rpm sleuthkit-debuginfo-4.6.7-13.oe2203sp4.aarch64.rpm sleuthkit-debugsource-4.6.7-13.oe2203sp4.aarch64.rpm sleuthkit-devel-4.6.7-13.oe2203sp4.aarch64.rpm sleuthkit-help-4.6.7-13.oe2203sp4.aarch64.rpm sleuthkit-4.6.7-13.oe2203sp4.src.rpm sleuthkit-4.6.7-13.oe2203sp4.x86_64.rpm sleuthkit-debuginfo-4.6.7-13.oe2203sp4.x86_64.rpm sleuthkit-debugsource-4.6.7-13.oe2203sp4.x86_64.rpm sleuthkit-devel-4.6.7-13.oe2203sp4.x86_64.rpm sleuthkit-help-4.6.7-13.oe2203sp4.x86_64.rpm In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. 2025-09-05 CVE-2020-10232 openEuler-22.03-LTS-SP4 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H sleuthkit security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2106