
List:       debian-security
Subject:    Re: [SECURITY] [DSA 3653-1] flex security update
From:       Ewa Dudzic <ewa.dudzic () hakin9 ! org>
Date:       2016-08-26 10:59:39
Message-ID: CAMyjXYJsaYUh0eikxnsCKdD0Q5_BJ-P27cB0n1oJ8+pcxBWApQ () mail ! gmail ! com

Please remove me from this list

If you have any questions, please do not hesitate to contact me.
Warmest regards,
Ewa


-------------------
Ewa Dudzic
Managing Editor
Hakin9 is the best source for the IT Security Experts. If you are one of them,
you can subscribe or you can share your knowledge with others to popularise
your own ideas.

www.hakin9.org
www.bsdmag.org

This message and any attachments are confidential as a business secret and
are intended solely for the use of the individual or entity to whom they
are addressed. If you are not the intended recipient, please telephone or
e-mail the sender and delete this message and any attachment from your
system. Also, if you are not the intended recipient you should not disclose
the content or take/retain/distribute any copies. The content of the
correspondence is directed exclusively to its addressee and may be
disclosed to third parties only with the consent of the sender. Disclosure
of the content of the correspondence without the consent of the sender will
be a violation of the secrecy of correspondence and thus personal property
of Hakin9 Media Sp. z o. o. S.K.

On Thu, Aug 25, 2016 at 11:14 PM, Moritz Muehlenhoff <jmm@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3653-1                   security@debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> August 25, 2016                       https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : flex
> CVE ID         : CVE-2016-6354
> Debian Bug     : 832768
>
> Alexander Sulfrian discovered a buffer overflow in the
> yy_get_next_buffer() function generated by Flex, which may result in
> denial of service and potentially the execution of code if operating on
> data from untrusted sources.
>
> Affected applications need to be rebuilt. bogofilter will be rebuilt
> against the updated flex in a followup update. Further affected
> applications should be reported at the bug referenced above.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 2.5.39-8+deb8u1.
>
> For the testing distribution (stretch), this problem has been fixed
> in version 2.6.1-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.6.1-1.
>
> We recommend that you upgrade your flex packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>
>



