Описание
Security update for tre
This update for tre fixes one issue.
This security issue was fixed:
- CVE-2016-8859: Fixed multiple integer overflows which allowed attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggered an out-of-bounds write (boo#1005483)
Список пакетов
openSUSE Leap 42.2
agrep-0.8.0_git201402282055-10.1
libtre5-0.8.0_git201402282055-10.1
python-tre-0.8.0_git201402282055-10.1
tre-0.8.0_git201402282055-10.1
tre-devel-0.8.0_git201402282055-10.1
tre-lang-0.8.0_git201402282055-10.1
openSUSE Leap 42.3
agrep-0.8.0_git201402282055-10.1
libtre5-0.8.0_git201402282055-10.1
python-tre-0.8.0_git201402282055-10.1
tre-0.8.0_git201402282055-10.1
tre-devel-0.8.0_git201402282055-10.1
tre-lang-0.8.0_git201402282055-10.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0222-1
- SUSE Security Ratings
Описание
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
Затронутые продукты
openSUSE Leap 42.2:agrep-0.8.0_git201402282055-10.1
openSUSE Leap 42.2:libtre5-0.8.0_git201402282055-10.1
openSUSE Leap 42.2:python-tre-0.8.0_git201402282055-10.1
openSUSE Leap 42.2:tre-0.8.0_git201402282055-10.1
Ссылки
- CVE-2016-8859
- SUSE Bug 1005483