Synopsis: Moderate: hivex security and bug fix update Advisory ID: SLSA-2015:1378-1 Issue Date: 2015-07-22 CVE Numbers: CVE-2014-9273 -- It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. (CVE-2014-9273) This update also fixes the following bug: * The hivex(3) man page previously contained a typographical error. This update fixes the typo. -- SL6 x86_64 hivex-1.3.3-4.3.el6.i686.rpm hivex-1.3.3-4.3.el6.x86_64.rpm hivex-debuginfo-1.3.3-4.3.el6.i686.rpm hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm perl-hivex-1.3.3-4.3.el6.x86_64.rpm hivex-devel-1.3.3-4.3.el6.i686.rpm hivex-devel-1.3.3-4.3.el6.x86_64.rpm ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm python-hivex-1.3.3-4.3.el6.x86_64.rpm - Scientific Linux Development Team