Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 33: FEDORA-2021-f02d345a2d Urgent Hivex Buffer Overflow Patch

fedora
Calendar Grey August 17, 2021
Dist Fedora Esm H88
Hivex revision for Fedora 33 resolves recursion depth concern and corrects stack overflow risk in version 1.3.21.
New upstream version 1.3.21

Summary

Hive files are the undocumented binary files that Windows uses to

store the Windows Registry on disk. Hivex is a library that can read

and write to these files.

'hivexsh' is a shell you can use to interactively navigate a hive

binary file.

'hivexregedit' (in perl-hivex) lets you export and merge to the

textual regedit format.

'hivexml' can be used to convert a hive file to a more useful XML

format.

In order to get access to the hive files themselves, you can copy them

from a Windows machine. They are usually found in

%systemroot%\system32\config. For virtual machines we recommend

using libguestfs or guestfish to copy out these files. libguestfs

also provides a useful high-level tool called 'virt-win-reg' (based on

hivex technology) which can be used to query specific registry keys in

an existing Windows VM.

For OCaml bindings, see 'ocaml-hivex-devel'.

For Perl bindings, see 'perl-hivex'.

For Python 3 bindings, see 'python3-hivex'.

For Ruby bindings, see 'ruby-hivex'.

New upstream version 1.3.21. Fixes CVE-2021-3622 limit recursion in ri-records.

* Mon Aug 2 2021 Richard W.M. Jones - 1.3.21-1

- New upstream version 1.3.21.

- Fixes CVE-2021-3622 limit recursion in ri-records.

[ 1 ] Bug #1975489 - CVE-2021-3622 hivex: stack overflow due to recursive call of _get_children()

https://bugzilla.redhat.com/show_bug.cgi?id=1975489

su -c 'dnf upgrade --advisory FEDORA-2021-775b170f95' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory Fedora critical severity stack overflow hivex

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 1.3.21
Release: 1.fc33
URL: https://libguestfs.org/
Summary: Read and write Windows Registry binary hive files

Topics%20covered

Topics Covered

security advisory Fedora critical severity stack overflow hivex

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here