Описание
Security update for hivex
This update for hivex fixes the following issues:
- CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060).
Список пакетов
Container suse/sles/15.3/libguestfs-tools:0.45.0
libhivex0-1.3.14-5.6.1
perl-Win-Hivex-1.3.14-5.6.1
SUSE Linux Enterprise Micro 5.0
libhivex0-1.3.14-5.6.1
perl-Win-Hivex-1.3.14-5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
hivex-devel-1.3.14-5.6.1
libhivex0-1.3.14-5.6.1
perl-Win-Hivex-1.3.14-5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
hivex-devel-1.3.14-5.6.1
libhivex0-1.3.14-5.6.1
perl-Win-Hivex-1.3.14-5.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
ocaml-hivex-1.3.14-5.6.1
ocaml-hivex-devel-1.3.14-5.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
ocaml-hivex-1.3.14-5.6.1
ocaml-hivex-devel-1.3.14-5.6.1
Ссылки
- Link for SUSE-SU-2021:3201-1
- E-Mail link for SUSE-SU-2021:3201-1
- SUSE Security Ratings
- SUSE Bug 1189060
- SUSE CVE CVE-2021-3622 page
Описание
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Container suse/sles/15.3/libguestfs-tools:0.45.0:libhivex0-1.3.14-5.6.1
Container suse/sles/15.3/libguestfs-tools:0.45.0:perl-Win-Hivex-1.3.14-5.6.1
SUSE Linux Enterprise Micro 5.0:libhivex0-1.3.14-5.6.1
SUSE Linux Enterprise Micro 5.0:perl-Win-Hivex-1.3.14-5.6.1
Ссылки
- CVE-2021-3622
- SUSE Bug 1189060