Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 33 - FEDORA-2021-da76643229 Critical: Hivex Bounds Check

fedora
Calendar Grey May 18, 2021
Dist Fedora Esm H88
Recent patch for Fedora 33 tackles security flaw in hivex library by improving bounds checking.
New upstream version 1.3.20

Summary

Hive files are the undocumented binary files that Windows uses to

store the Windows Registry on disk. Hivex is a library that can read

and write to these files.

'hivexsh' is a shell you can use to interactively navigate a hive

binary file.

'hivexregedit' (in perl-hivex) lets you export and merge to the

textual regedit format.

'hivexml' can be used to convert a hive file to a more useful XML

format.

In order to get access to the hive files themselves, you can copy them

from a Windows machine. They are usually found in

%systemroot%\system32\config. For virtual machines we recommend

using libguestfs or guestfish to copy out these files. libguestfs

also provides a useful high-level tool called 'virt-win-reg' (based on

hivex technology) which can be used to query specific registry keys in

an existing Windows VM.

For OCaml bindings, see 'ocaml-hivex-devel'.

For Perl bindings, see 'perl-hivex'.

For Python 3 bindings, see 'python3-hivex'.

For Ruby bindings, see 'ruby-hivex'.

New upstream version 1.3.20. Fixes CVE-2021-3504 missing bounds check in

hivex_open.

* Mon May 3 2021 Richard W.M. Jones - 1.3.20-1

- New upstream version 1.3.20.

- Fixes CVE-2021-3504 missing bounds check in hivex_open.

su -c 'dnf upgrade --advisory FEDORA-2021-da76643229' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical software update Fedora security fix hivex bounds check

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 1.3.20
Release: 1.fc33
URL: https://libguestfs.org/
Summary: Read and write Windows Registry binary hive files

Topics%20covered

Topics Covered

security advisory critical software update Fedora security fix hivex bounds check

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here