An update for hivex is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1200
Final
1.0
1.0
2021-05-30
Initial
2021-05-30
2021-05-30
openEuler SA Tool V1.0
2021-05-30
hivex security update
An update for hivex is now available for openEuler-20.03-LTS-SP1.
Hivex is a library for extracting the contents of Windows Registry "hive" files. It is designed to be secure against buggy or malicious registry files.
Security Fix(es):
A flaw was found in the hivex library in versions before 1.3.20. It is caused by a missing bounds check within the hivex_open function. An attacker could supply a specially crafted Windows Registry (hive) file that would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. (CVE-2021-3504)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
hivex
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1200
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3504
https://nvd.nist.gov/vuln/detail/CVE-2021-3504
openEuler-20.03-LTS-SP1
python3-hivex-1.3.17-3.oe1.aarch64.rpm
ocaml-hivex-devel-1.3.17-3.oe1.aarch64.rpm
hivex-debuginfo-1.3.17-3.oe1.aarch64.rpm
python2-hivex-1.3.17-3.oe1.aarch64.rpm
hivex-1.3.17-3.oe1.aarch64.rpm
perl-hivex-1.3.17-3.oe1.aarch64.rpm
ocaml-hivex-1.3.17-3.oe1.aarch64.rpm
hivex-debugsource-1.3.17-3.oe1.aarch64.rpm
hivex-devel-1.3.17-3.oe1.aarch64.rpm
ruby-hivex-1.3.17-3.oe1.aarch64.rpm
hivex-help-1.3.17-3.oe1.noarch.rpm
hivex-1.3.17-3.oe1.src.rpm
ocaml-hivex-1.3.17-3.oe1.x86_64.rpm
hivex-1.3.17-3.oe1.x86_64.rpm
ocaml-hivex-devel-1.3.17-3.oe1.x86_64.rpm
hivex-debuginfo-1.3.17-3.oe1.x86_64.rpm
ruby-hivex-1.3.17-3.oe1.x86_64.rpm
perl-hivex-1.3.17-3.oe1.x86_64.rpm
python2-hivex-1.3.17-3.oe1.x86_64.rpm
hivex-devel-1.3.17-3.oe1.x86_64.rpm
python3-hivex-1.3.17-3.oe1.x86_64.rpm
hivex-debugsource-1.3.17-3.oe1.x86_64.rpm
A flaw was found in the hivex library in versions before 1.3.20. It is caused by a missing bounds check within the hivex_open function. An attacker could supply a specially crafted Windows Registry (hive) file that would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
2021-05-30
CVE-2021-3504
openEuler-20.03-LTS-SP1
High
8.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
hivex security update
2021-05-30
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1200