Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0395
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0395)
Summary:	The remote host is missing an update for the 'tre' package(s) announced via the MGASA-2016-0395 advisory.
Description:	Summary: The remote host is missing an update for the 'tre' package(s) announced via the MGASA-2016-0395 advisory. Vulnerability Insight: The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression (CVE-2015-3796). A vulnerability has been found in the tre package that could allow an attacker to perform controlled heap corruption (CVE-2016-8859). Affected Software/OS: 'tre' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3796 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html BugTraq ID: 76343 http://www.securityfocus.com/bid/76343 https://www.exploit-db.com/exploits/38263/ http://www.securitytracker.com/id/1033275 Common Vulnerability Exposure (CVE) ID: CVE-2016-8859 BugTraq ID: 93795 http://www.securityfocus.com/bid/93795 https://security.gentoo.org/glsa/201701-11 https://security.gentoo.org/glsa/202007-43 http://www.openwall.com/lists/oss-security/2016/10/19/1 http://www.openwall.com/lists/oss-security/2016/10/19/10 SuSE Security Announcement: openSUSE-SU-2020:0554 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.