Executive Summary
| Summary | |
|---|---|
| Title | flex security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3653 | First vendor Publication | 2016-08-25 |
| Vendor | Debian | Last vendor Modification | 2016-09-04 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Updated packages are now available to address these problems. For reference, the relevant part of the original advisory text follows. Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer() function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. For the stable distribution (jessie), this problem has been fixed in version 2.5.39-8+deb8u2. We recommend that you upgrade your flex packages. |
Original Source
| Url : http://www.debian.org/security/2016/dsa-3653 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-02-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201802-03.nasl - Type : ACT_GATHER_INFO |
| 2017-05-31 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-1442-1.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_53_0.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_52_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_45_9_esr.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote macOS or Mac OS X host contains a web browser that is affected by ... File : macosx_firefox_53_0.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote macOS or Mac OS X host contains a web browser that is affected by ... File : macosx_firefox_52_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2017-04-24 | Name : The remote macOS or Mac OS X host contains a web browser that is affected by ... File : macosx_firefox_45_9_esr.nasl - Type : ACT_GATHER_INFO |
| 2017-02-02 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-189.nasl - Type : ACT_GATHER_INFO |
| 2017-01-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-31.nasl - Type : ACT_GATHER_INFO |
| 2016-12-12 | Name : The remote Fedora host is missing a security update. File : fedora_2016-8d79ade826.nasl - Type : ACT_GATHER_INFO |
| 2016-10-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1155.nasl - Type : ACT_GATHER_INFO |
| 2016-09-28 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2397-1.nasl - Type : ACT_GATHER_INFO |
| 2016-09-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1120.nasl - Type : ACT_GATHER_INFO |
| 2016-09-08 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1057.nasl - Type : ACT_GATHER_INFO |
| 2016-09-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2195-1.nasl - Type : ACT_GATHER_INFO |
| 2016-09-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2131-1.nasl - Type : ACT_GATHER_INFO |
| 2016-09-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2061-1.nasl - Type : ACT_GATHER_INFO |
| 2016-08-30 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1028.nasl - Type : ACT_GATHER_INFO |
| 2016-08-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1019.nasl - Type : ACT_GATHER_INFO |
| 2016-08-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3653.nasl - Type : ACT_GATHER_INFO |
| 2016-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2016-c9ad9582f7.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-09-22 21:26:57 |
|
| 2016-09-21 21:31:09 |
|
| 2016-09-04 17:24:39 |
|
| 2016-08-27 13:26:29 |
|
| 2016-08-26 00:23:41 |
|
