hivex-1.3.21-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10845 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z hivex-1.3.21-2.2 on GA media These are all security issues fixed in the hivex-1.3.21-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10845 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10845 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-3504/ SUSE CVE CVE-2021-3504 page https://www.suse.com/security/cve/CVE-2021-3622/ SUSE CVE CVE-2021-3622 page openSUSE Tumbleweed hivex-1.3.21-2.2 hivex-devel-1.3.21-2.2 hivex-lang-1.3.21-2.2 libhivex0-1.3.21-2.2 ocaml-hivex-1.3.21-2.2 ocaml-hivex-devel-1.3.21-2.2 perl-Win-Hivex-1.3.21-2.2 python3-hivex-1.3.21-2.2 hivex-1.3.21-2.2 as a component of openSUSE Tumbleweed hivex-devel-1.3.21-2.2 as a component of openSUSE Tumbleweed hivex-lang-1.3.21-2.2 as a component of openSUSE Tumbleweed libhivex0-1.3.21-2.2 as a component of openSUSE Tumbleweed ocaml-hivex-1.3.21-2.2 as a component of openSUSE Tumbleweed ocaml-hivex-devel-1.3.21-2.2 as a component of openSUSE Tumbleweed perl-Win-Hivex-1.3.21-2.2 as a component of openSUSE Tumbleweed python3-hivex-1.3.21-2.2 as a component of openSUSE Tumbleweed A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. CVE-2021-3504 openSUSE Tumbleweed:hivex-1.3.21-2.2 openSUSE Tumbleweed:hivex-devel-1.3.21-2.2 openSUSE Tumbleweed:hivex-lang-1.3.21-2.2 openSUSE Tumbleweed:libhivex0-1.3.21-2.2 openSUSE Tumbleweed:ocaml-hivex-1.3.21-2.2 openSUSE Tumbleweed:ocaml-hivex-devel-1.3.21-2.2 openSUSE Tumbleweed:perl-Win-Hivex-1.3.21-2.2 openSUSE Tumbleweed:python3-hivex-1.3.21-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3504.html CVE-2021-3504 https://bugzilla.suse.com/1185013 SUSE Bug 1185013 A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. CVE-2021-3622 openSUSE Tumbleweed:hivex-1.3.21-2.2 openSUSE Tumbleweed:hivex-devel-1.3.21-2.2 openSUSE Tumbleweed:hivex-lang-1.3.21-2.2 openSUSE Tumbleweed:libhivex0-1.3.21-2.2 openSUSE Tumbleweed:ocaml-hivex-1.3.21-2.2 openSUSE Tumbleweed:ocaml-hivex-devel-1.3.21-2.2 openSUSE Tumbleweed:perl-Win-Hivex-1.3.21-2.2 openSUSE Tumbleweed:python3-hivex-1.3.21-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3622.html CVE-2021-3622 https://bugzilla.suse.com/1189060 SUSE Bug 1189060