SCIENTIFIC-LINUX-ERRATA Archives

August 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Connie Sieh <[log in to unmask]>
Date: Mon, 3 Aug 2015 19:21:46 +0000

Synopsis:          Moderate: hivex security and bug fix update
Advisory ID:       SLSA-2015:1378-1
Issue Date:        2015-07-22
CVE Numbers:       CVE-2014-9273
--

It was found that hivex attempted to read, and possibly write, beyond its
allocated buffer when reading a hive file with a very small size or with
truncated or improperly formatted content. An attacker able to supply a
specially crafted hive file to an application using the hivex library
could possibly use this flaw to execute arbitrary code with the privileges
of the user running that application. (CVE-2014-9273)

This update also fixes the following bug:

* The hivex(3) man page previously contained a typographical error. This
update fixes the typo.
--

SL6
  x86_64
    hivex-1.3.3-4.3.el6.i686.rpm
    hivex-1.3.3-4.3.el6.x86_64.rpm
    hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
    hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
    perl-hivex-1.3.3-4.3.el6.x86_64.rpm
    hivex-devel-1.3.3-4.3.el6.i686.rpm
    hivex-devel-1.3.3-4.3.el6.x86_64.rpm
    ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
    ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
    python-hivex-1.3.3-4.3.el6.x86_64.rpm

- Scientific Linux Development Team
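
The bug class described above (trusting sizes in a very small or truncated hive) can be illustrated with a length-first pre-parse check. This is an added example, not hivex code and not the fix shipped in this update; the function and constant names are hypothetical, and the layout values (4 KiB "regf" header, "hbin" pages with a 32-byte header and a little-endian size at offset 8) are assumed from public descriptions of the hive format. It is stricter than a real parser in that it rejects any trailing bytes after the last page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HIVE_HEADER_SIZE 0x1000u  /* "regf" base block (assumed layout) */
#define HBIN_HEADER_SIZE 0x20u    /* "hbin" page header (assumed layout) */

enum { HIVE_OK = 0, HIVE_TOO_SMALL, HIVE_BAD_MAGIC, HIVE_BAD_PAGE };

/* Read a little-endian 32-bit value; caller guarantees 4 readable bytes. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical pre-parse check: every length is validated before the
 * bytes it covers are read, so short or truncated input is rejected. */
int hive_precheck(const unsigned char *buf, size_t len)
{
    if (len < HIVE_HEADER_SIZE + HBIN_HEADER_SIZE)
        return HIVE_TOO_SMALL;               /* no room for header + one page header */
    if (memcmp(buf, "regf", 4) != 0)
        return HIVE_BAD_MAGIC;
    size_t off = HIVE_HEADER_SIZE;
    while (off < len) {                      /* walk pages; each declares its own size */
        if (len - off < HBIN_HEADER_SIZE)
            return HIVE_BAD_PAGE;            /* truncated page header */
        if (memcmp(buf + off, "hbin", 4) != 0)
            return HIVE_BAD_PAGE;
        uint32_t size = le32(buf + off + 8);
        if (size < HBIN_HEADER_SIZE || (size & 0xfffu) != 0 || size > len - off)
            return HIVE_BAD_PAGE;            /* page would run past end of file */
        off += size;
    }
    return HIVE_OK;
}

int main(void)
{
    /* Constructed sample: header page plus one empty 4 KiB hbin page. */
    static unsigned char hive[0x2000];
    memcpy(hive, "regf", 4);
    memcpy(hive + 0x1000, "hbin", 4);
    hive[0x1009] = 0x10;                     /* page size 0x1000, little-endian */
    printf("full=%d truncated=%d tiny=%d\n", hive_precheck(hive, sizeof hive),
           hive_precheck(hive, 0x1800), hive_precheck(hive, 16));
    return 0;
}
```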
