drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in flex (Aktualisierung)
Name: |
Pufferüberlauf in flex (Aktualisierung) |
|
ID: |
DSA-3653-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
So, 4. September 2016, 23:11 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 |
|
Applikationen: |
Fast Lexical Analyzer Generator |
|
Update von: |
Pufferüberlauf in flex |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3653-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : flex CVE ID : CVE-2016-6354 Debian Bug : 832768 835542
It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Updated packages are now available to address these problems. For reference, the relevant part of the original advisory text follows.
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer() function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources.
Affected applications need to be rebuild.
For the stable distribution (jessie), this problem has been fixed in version 2.5.39-8+deb8u2.
We recommend that you upgrade your flex packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXzDTaAAoJEAVMuPMTQ89Ez80QAIaJtG0fhnmq8dDxQurzez3M 8fv97V+Jw+nfgka+qoCZoyUWf89xqORdoFK5MwLzzVBFsxN9qMnf45ltZPDTZqez dxfqChPq5i0sG5uvWm5BAR/fw8S0MuwjdQNwBdgmSsAlIIQJQOnN6G5Wq6novVVs AXB/T0afc0/0NFH0/f8vy5vpVABCLxFeKVFN575N5YUw9JuM7UMQXX8sk9lOthuZ tcaaYVR2a2rJYmxOHiA2N/AkNSORafJeWq+o4k3SPQ2hIUEuyvr7ZhH5qKFvhGqg u8VxjVtWw3QxNzvidXCun4b1O6oCbTprPLymh+WkBJzGYj8mVxW7MOibZwJuOiTY o0wImXyMajjI4xY531awTyetET0j0jDSwlhdeHQo53d8ZE6kYZpgQRt3sPlXd0+Z tX1v55QhlNDW5ofT2klGokmbGsvmjLmSdMmrbIU3XBtkHn7CqgTeCq09MeuEPZRS g+iU35WrJ4SWqbrX7z7qrv9Bw/3LOcwN0V+Kkr0lo0nclTFU24j7m3i1suhQy9hN MssHl5tmYdtNveacxcEksIEIxo4MEPwLXRbadJap3GiGDuHnIh3so6RYfYdlcyu5 G3+IuNhutCXLHc87Xvlehr1grt9eoixfqw25NuswnGJBXfA8rKXLIYc09oEwlT0w tiMzMAb45jwxMgI7zbCO =G7Hy -----END PGP SIGNATURE-----
|
|
|
|