
Scientific Linux: SLSA-2015:1378-1 Moderate Hivex Buffer Overflow

Moderate: hivex security and bug fix update
Date: Mon, 3 Aug 2015 19:21:46 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Moderate: hivex on SL6.x x86_64
MIME-Version: 1.0
Message-ID: <20150803192146.32715.63119@slpackages.fnal.gov>

Synopsis: Moderate: hivex security and bug fix update
Advisory ID: SLSA-2015:1378-1
Issue Date: 2015-07-22
CVE Numbers: CVE-2014-9273
--

It was found that hivex attempted to read, and possibly write, beyond its
allocated buffer when reading a hive file with a very small size or with
truncated or improperly formatted content. An attacker able to supply a
specially crafted hive file to an application using the hivex library
could possibly use this flaw to execute arbitrary code with the privileges
of the user running that application. (CVE-2014-9273)

This update also fixes the following bug:

* The hivex(3) man page previously contained a typographical error. This
update fixes the typo.
--

SL6
 x86_64
 hivex-1.3.3-4.3.el6.i686.rpm
 hivex-1.3.3-4.3.el6.x86_64.rpm
 hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
 hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
 perl-hivex-1.3.3-4.3.el6.x86_64.rpm
 hivex-devel-1.3.3-4.3.el6.i686.rpm
 hivex-devel-1.3.3-4.3.el6.x86_64.rpm
 ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
 ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
 python-hivex-1.3.3-4.3.el6.x86_64.rpm

- Scientific Linux Development Team
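
The failure mode described in this advisory (a very small, truncated or malformed hive leading to accesses past the buffer) is the kind that is closed by checking every header-supplied length against the real file size before use. The C code below is an added example, not hivex's code or its actual fix; the offsets follow the publicly documented regf layout, and `hive_precheck`, `check_sample` and the sample hive are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_SIZE 0x1000u /* regf base block; hive bins data starts right after it */
#define OFF_ROOT 0x24u   /* root cell offset, relative to the end of the header */
#define OFF_BINS 0x28u   /* total size of the hive bins data */

enum hive_check { HIVE_OK, HIVE_TOO_SMALL, HIVE_BAD_MAGIC, HIVE_TRUNCATED, HIVE_BAD_ROOT };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate every length against the real buffer size before any field is used. */
enum hive_check hive_precheck(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_SIZE) return HIVE_TOO_SMALL; /* very small file */
    if (memcmp(buf, "regf", 4) != 0) return HIVE_BAD_MAGIC;
    uint32_t bins = rd_le32(buf + OFF_BINS);
    uint32_t root = rd_le32(buf + OFF_ROOT);
    /* Subtract instead of adding so a huge header value cannot wrap around. */
    if (bins > len - HDR_SIZE) return HIVE_TRUNCATED;
    if (bins < 4 || root > bins - 4) return HIVE_BAD_ROOT;
    /* A cell starts with a 32-bit size; allocated cells store it negated. */
    uint32_t raw = rd_le32(buf + HDR_SIZE + root);
    uint32_t cell = (raw & 0x80000000u) ? 0u - raw : raw;
    if (cell < 4 || cell > bins - root) return HIVE_BAD_ROOT;
    return HIVE_OK;
}

/* Constructed sample: header, a 0x20-byte hbin header, one 0x20-byte allocated cell.
 * Only the first `len` bytes are handed to the checker, simulating truncation. */
enum hive_check check_sample(size_t len, uint32_t root) {
    static uint8_t hive[HDR_SIZE + 0x40];
    memset(hive, 0, sizeof hive);
    memcpy(hive, "regf", 4);
    wr_le32(hive + OFF_ROOT, root);
    wr_le32(hive + OFF_BINS, 0x40);
    memcpy(hive + HDR_SIZE, "hbin", 4);
    wr_le32(hive + HDR_SIZE + 0x20, 0u - 0x20u); /* allocated cell, 0x20 bytes */
    return hive_precheck(hive, len > sizeof hive ? sizeof hive : len);
}

int main(void) { return check_sample(HDR_SIZE + 0x40, 0x20) != HIVE_OK; }
```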