Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 3 Aug 2015 19:21:46 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Connie Sieh Subject: Security ERRATA Moderate: hivex on SL6.x x86_64 MIME-Version: 1.0 Message-ID: <20150803192146.32715.63119@slpackages.fnal.gov> Synopsis: Moderate: hivex security and bug fix update Advisory ID: SLSA-2015:1378-1 Issue Date: 2015-07-22 CVE Numbers: CVE-2014-9273 -- It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. (CVE-2014-9273) This update also fixes the following bug: * The hivex(3) man page previously contained a typographical error. This update fixes the typo. -- SL6 x86_64 hivex-1.3.3-4.3.el6.i686.rpm hivex-1.3.3-4.3.el6.x86_64.rpm hivex-debuginfo-1.3.3-4.3.el6.i686.rpm hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm perl-hivex-1.3.3-4.3.el6.x86_64.rpm hivex-devel-1.3.3-4.3.el6.i686.rpm hivex-devel-1.3.3-4.3.el6.x86_64.rpm ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm python-hivex-1.3.3-4.3.el6.x86_64.rpm - Scientific Linux Development Team