Updated tre packages fix security vulnerability
Publication date: 21 Nov 2016Modification date: 21 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-3796 , CVE-2016-8859
Description
The TRE library allows context-dependent attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted regular expression (CVE-2015-3796).
A vulnerability has been found in the tre package that could allow an
attacker to perform controlled heap corruption (CVE-2016-8859).
References
SRPMS
5/core
- tre-0.8.0-12.1.mga5