Advisories » MGASA-2016-0396

Updated flex packages fix security vulnerability

Publication date: 23 Nov 2016
Modification date: 23 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6354

Description

It was found that flex incorrectly resized the num_to_read variable in
yy_get_next_buffer. The buffer is resized if this value is less or equal
to zero. With special crafted input it is possible, that the buffer is not
resized if the input is larger than the default buffer size of 16k. This
allows a heap buffer overflow. It may be possible to exploit this
remotely, depending on the application that is built using flex
(CVE-2016-6354).

Note that any affected applications would need to be rebuilt with the
updated flex to fully fix this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19063
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KZDEYNSCYVEMOKRO6EJOUZS7WM5WB43M/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354

SRPMS

5/core

• flex-2.5.39-3.1.mga5