Advisories ยป MGASA-2016-0395

Updated tre packages fix security vulnerability

Publication date: 21 Nov 2016
Modification date: 21 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-3796 , CVE-2016-8859

Description

The TRE library allows context-dependent attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted regular expression (CVE-2015-3796).

A vulnerability has been found in the tre package that could allow an
attacker to perform controlled heap corruption (CVE-2016-8859).
                

References

SRPMS

5/core