Oval Definition:oval:com.redhat.rhsa:def:20151378
Revision Date:2015-07-22Version:638
Title:RHSA-2015:1378: hivex security and bug fix update (Moderate)
Description:Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.

  • It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. (CVE-2014-9273)

    Red Hat would like to thank Mahmoud Al-Qudsi of NeoSmart Technologies for reporting this issue.

    This update also fixes the following bug:

  • The hivex(3) man page previously contained a typographical error. This update fixes the typo. (BZ#1164693)

    All hivex users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2014-9273
    RHSA-2015:1378
    RHSA-2015:1378-01
    RHSA-2015:1378-03
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • hivex is earlier than 0:1.3.3-4.3.el6
  • AND hivex is signed with Red Hat redhatrelease2 key
  • hivex-devel is earlier than 0:1.3.3-4.3.el6
  • AND hivex-devel is signed with Red Hat redhatrelease2 key
  • ocaml-hivex is earlier than 0:1.3.3-4.3.el6
  • AND ocaml-hivex is signed with Red Hat redhatrelease2 key
  • ocaml-hivex-devel is earlier than 0:1.3.3-4.3.el6
  • AND ocaml-hivex-devel is signed with Red Hat redhatrelease2 key
  • perl-hivex is earlier than 0:1.3.3-4.3.el6
  • AND perl-hivex is signed with Red Hat redhatrelease2 key
  • python-hivex is earlier than 0:1.3.3-4.3.el6
  • AND python-hivex is signed with Red Hat redhatrelease2 key
  • BACK