安全公告详情

NS-SA-2021-0112

2021-09-24 00:30:31

简介

important: hivex/firefox security update

严重级别

important

主题

An update for hivex/firefox is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

hivex: ocaml-hivex-devel contains development libraries required to use the OCaml bindings for hivex.
firefox: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.


Security Fix(es):
hivex: A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.(CVE-2021-3504)
hivex: bugfix
firefox: Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.(CVE-2021-29967)
firefox: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F34B4.

影响组件

  • hivex
  • firefox

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["hivex-1.3.10-6.11.el7_9.x86_64.rpm","hivex-debuginfo-1.3.10-6.11.el7_9.x86_64.rpm","ruby-hivex-1.3.10-6.11.el7_9.x86_64.rpm","perl-hivex-1.3.10-6.11.el7_9.x86_64.rpm","python-hivex-1.3.10-6.11.el7_9.x86_64.rpm","hivex-devel-1.3.10-6.11.el7_9.x86_64.rpm","ocaml-hivex-devel-1.3.10-6.11.el7_9.x86_64.rpm","ocaml-hivex-1.3.10-6.11.el7_9.x86_64.rpm"],"source":"hivex-1.3.10-6.11.el7_9.src.rpm"},{"binary":["firefox-debuginfo-78.11.0-3.el7.centos.x86_64.rpm","firefox-78.11.0-3.el7.centos.x86_64.rpm"],"source":"firefox-78.11.0-3.el7.centos.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["hivex-1.3.10-6.11.el7_9.x86_64.rpm","hivex-debuginfo-1.3.10-6.11.el7_9.x86_64.rpm","ruby-hivex-1.3.10-6.11.el7_9.x86_64.rpm","perl-hivex-1.3.10-6.11.el7_9.x86_64.rpm","python-hivex-1.3.10-6.11.el7_9.x86_64.rpm","hivex-devel-1.3.10-6.11.el7_9.x86_64.rpm","ocaml-hivex-devel-1.3.10-6.11.el7_9.x86_64.rpm","ocaml-hivex-1.3.10-6.11.el7_9.x86_64.rpm"],"source":"hivex-1.3.10-6.11.el7_9.src.rpm"},{"binary":["firefox-debuginfo-78.11.0-3.el7.centos.x86_64.rpm","firefox-78.11.0-3.el7.centos.x86_64.rpm"],"source":"firefox-78.11.0-3.el7.centos.src.rpm"}]}]}

CVE

参考