Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Fedora 24 Security Update: Critical Issues in Tre Library

fedora
Calendar Grey November 14, 2016
Dist Fedora Esm H88
This revision for the tre regexp library tackles significant concerns and delivers crucial performance enhancements for Fedora 24.
This update includes the following fixes: * fix for CVE-2016-8859 * fix for CVE-2015-3796 (see https://github.com/laurikari/tre/issues/37 and * fix for parallel installation of mu...

Summary

TRE is a lightweight, robust, and efficient POSIX compatible regexp

matching library with some exciting features such as approximate

matching.

Update Information:

This update includes the following fixes: * fix for CVE-2016-8859 * fix for CVE-2015-3796 (see https://github.com/laurikari/tre/issues/37 and * fix for parallel installation of multilib packages

Change Log

References


[ 1 ] Bug #1387112 - CVE-2016-8859 tre: Regex integer overflow in buffer size computations https://bugzilla.redhat.com/show_bug.cgi?id=1387112

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade tre' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: tre
Product: Fedora 24
Version: 0.8.0
Release: 18.20140228gitc2f5d13.fc24
URL:
Summary: POSIX compatible regexp library with approximate matching

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.