Synopsis: Moderate: hivex security and bug fix update
Advisory ID: SLSA-2015:1378-1
Issue Date: 2015-07-22
CVE Numbers: CVE-2014-9273
—
It was found that hivex attempted to read, and possibly write, beyond its
allocated buffer when reading a hive file with a very small size or with a
truncated or improperly formatted content. An attacker able to supply a
specially crafted hive file to an application using the hivex library
could possibly use this flaw to execute arbitrary code with the privileges
of the user running that application. (CVE-2014-9273)
This update also fixes the following bug:
* The hivex(3) man page previously contained a typographical error. This
update fixes the typo.
—
SL6
x86_64
hivex-1.3.3-4.3.el6.i686.rpm
hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
perl-hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-devel-1.3.3-4.3.el6.i686.rpm
hivex-devel-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
python-hivex-1.3.3-4.3.el6.x86_64.rpm
– Scientific Linux Development Team
