Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 520
Alerts This Week
Warning Icon 1 520

Fedora 23: Critical Flex Update for Buffer Overflow Issue

fedora
Calendar Grey December 10, 2016
Dist Fedora Esm H88
The software component has been revised to fix a critical memory overflow vulnerability. Please install the update immediately to strengthen overall system protection.
Change type for num_to_read from yy_size_t to int.

Summary

The flex program generates scanners. Scanners are programs which can

recognize lexical patterns in text. Flex takes pairs of regular

expressions and C code as input and generates a C source file as

output. The output file is compiled and linked with a library to

produce an executable. The executable searches through its input for

occurrences of the regular expressions. When a match is found, it

executes the corresponding C code. Flex was designed to work with

both Yacc and Bison, and is used by many programs as part of their

build process.

You should install flex if you are going to use your system for

application development.

Update Information:

Change type for num_to_read from yy_size_t to int.

Change Log

References


[ 1 ] Bug #1360743 - CVE-2016-6354 flex: buffer overflow in generated code (yy_get_next_buffer) https://bugzilla.redhat.com/show_bug.cgi?id=1360743

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade flex' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: flex
Product: Fedora 23
Version: 2.6.0
Release: 2.fc23
URL:
Summary: A tool for creating scanners (text pattern recognizers)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.