Package flex updated to version 2.6.4.0.88.9801-alt1 for branch sisyphus in task 218904.

Published: 2016-09-21
Modified: 2024-11-21

CVE-2016-6354

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

DSA-3653
DSA-3653
[oss-security] 20160718 CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)
[oss-security] 20160718 CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)
[oss-security] 20160726 Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)
[oss-security] 20160726 Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)
https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
GLSA-201701-31
GLSA-201701-31

ALT-specific change in flex introduces incompatibility

Version: 2.1.0

Package flex update in sisyphus on 2019-01-03

ALT-PU-2019-1003-1

Closed vulnerabilities

CVE-2016-6354

Closed bugs

Bug #35141