important: hivex/firefox security update
An update for hivex/firefox is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
hivex: ocaml-hivex-devel contains development libraries required to use the OCaml bindings for hivex.
firefox: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
hivex: A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.(CVE-2021-3504)
firefox: Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.(CVE-2021-29967)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Remember the build tag is 5.04.F34B4.