Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2016.0396
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2016-0396)
Zusammenfassung:	The remote host is missing an update for the 'flex' package(s) announced via the MGASA-2016-0396 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'flex' package(s) announced via the MGASA-2016-0396 advisory. Vulnerability Insight: It was found that flex incorrectly resized the num_to_read variable in yy_get_next_buffer. The buffer is resized if this value is less or equal to zero. With special crafted input it is possible, that the buffer is not resized if the input is larger than the default buffer size of 16k. This allows a heap buffer overflow. It may be possible to exploit this remotely, depending on the application that is built using flex (CVE-2016-6354). Note that any affected applications would need to be rebuilt with the updated flex to fully fix this issue. Affected Software/OS: 'flex' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6354 Debian Security Information: DSA-3653 (Google Search) http://www.debian.org/security/2016/dsa-3653 https://security.gentoo.org/glsa/201701-31 http://www.openwall.com/lists/oss-security/2016/07/18/8 http://www.openwall.com/lists/oss-security/2016/07/26/12
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.