Sicherheit: Pufferüberlauf in hivex
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in hivex
ID: FEDORA-2021-b71cc4df92
Distribution: Fedora
Plattformen: Fedora 34
Datum: Mi, 19. Mai 2021, 07:35
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3504
Applikationen: hivex


Fedora Update Notification
2021-05-19 01:21:36.729523

Name : hivex
Product : Fedora 34
Version : 1.3.20
Release : 1.fc34
URL : http://libguestfs.org/
Summary : Read and write Windows Registry binary hive files
Description :
Hive files are the undocumented binary files that Windows uses to
store the Windows Registry on disk. Hivex is a library that can read
and write to these files.

'hivexsh' is a shell you can use to interactively navigate a hive
binary file.

'hivexregedit' (in perl-hivex) lets you export and merge to the
textual regedit format.

'hivexml' can be used to convert a hive file to a more useful XML

In order to get access to the hive files themselves, you can copy them
from a Windows machine. They are usually found in
%systemroot%\system32\config. For virtual machines we recommend
using libguestfs or guestfish to copy out these files. libguestfs
also provides a useful high-level tool called 'virt-win-reg' (based on
hivex technology) which can be used to query specific registry keys in
an existing Windows VM.

For OCaml bindings, see 'ocaml-hivex-devel'.

For Perl bindings, see 'perl-hivex'.

For Python 3 bindings, see 'python3-hivex'.

For Ruby bindings, see 'ruby-hivex'.

Update Information:

New upstream version 1.3.20. Fixes CVE-2021-3504 missing bounds check in

* Mon May 3 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.20-1
- New upstream version 1.3.20.
- Fixes CVE-2021-3504 missing bounds check in hivex_open.
* Tue Mar 30 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-10
- Bump and rebuild for ELN.
* Mon Mar 1 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-9
- OCaml 4.12.0 build

[ 1 ] Bug #1956204 - CVE-2021-3504 hivex: Buffer overflow when provided
invalid node key length [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-b71cc4df92' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux @Facebook
Neue Nachrichten