USN-5148-2: hivex vulnerability
16 November 2021
hivex could be made to crash or leak information if it received specially crafted input.
Releases
Packages
- hivex - utilities for reading and writing Windows Registry hives
Details
USN-5148-1 fixed a vulnerability in hivex. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that hivex incorrectly handled certain input. An attacker
could use this vulnerability to cause a crash or obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libhivex-bin
-
1.3.13-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libhivex0
-
1.3.13-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
libhivex-bin
-
1.3.9-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
libhivex0
-
1.3.9-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5148-1: hivex, libhivex-bin, python-hivex, libwin-hivex-perl, python3-hivex, libhivex-ocaml, libhivex-dev, ruby-hivex, libhivex-ocaml-dev, libhivex0