Bug 183477 - SA19071 Flex Unspecified Scanner Vulnerabilities
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: flex
Version: 4
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Petr Machata
URL: http://secunia.com/advisories/19071/
Keywords: Security
Reported: 2006-03-01 07:16 EST by Ignacio Vazquez-Abrams
Modified: 2015-05-04 21:32 EDT
Doc Type: Bug Fix
Last Closed: 2006-03-02 08:41:06 EST
Description Ignacio Vazquez-Abrams 2006-03-01 07:16:37 EST
"Some vulnerabilities have been reported in Flex, which has an unknown impact."

"The vulnerabilities have been reported in versions prior to 2.5.33."
Comment 1 Petr Machata 2006-03-01 07:50:38 EST
Does anybody know anything more concrete? Knowing that there are "some"
vulnerabilities with "unknown impact" isn't particularly helpful. Flex doesn't
manage a changelog. In NEWS, the most concrete is "numerous bug and security
fixes"...
Comment 2 Josh Bressers 2006-03-02 08:41:06 EST
This issue does not affect the version of flex we ship in Fedora Core 4 or 5,
nor do any of the prebuilt flex files contained in any source files suffer from
this exploit.  The Red Hat Security Response Team did a very thorough analysis of
this problem in order to come to this conclusion.

The problem is that newer versions of flex don't allocate enough space for
the pattern state machine.  The old versions of flex used static arrays, where
the newer versions dynamically allocate the space needed.  This dynamic
allocation incorrectly calculated the space required.

The flex commit is here:
http://cvs.sourceforge.net/viewcvs.py/flex/flex/flex.skl?rev=2.193&view=auto
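
Added example, not part of the original report and not flex or Red Hat code: one way to inventory prebuilt flex scanners in a source tree and compare the generating flex version with the advisory's "prior to 2.5.33" range. It relies on the `FLEX_SCANNER` and `YY_FLEX_*_VERSION` macros that flex writes into generated scanners; the function names, the labels, and the handling of a missing subminor macro as undetermined are assumptions of this example, and the sample headers are constructed. A match only marks a file for review; it does not show the scanner is affected.

```python
import os
import re

# flex writes these macros into every scanner it generates (e.g. lex.yy.c).
_IS_FLEX = re.compile(r"^[ \t]*#[ \t]*define[ \t]+FLEX_SCANNER\b", re.M)
_VERSION = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+YY_FLEX_(MAJOR|MINOR|SUBMINOR)_VERSION[ \t]+(\d+)", re.M)
FIXED = (2, 5, 33)  # the advisory quoted in the report: "versions prior to 2.5.33"

def flex_version(text):
    """Return (major, minor, subminor) of the generating flex, or None if the
    text is not a flex scanner. subminor is None when that macro is absent."""
    if not _IS_FLEX.search(text):
        return None
    found = {name: int(num) for name, num in _VERSION.findall(text)}
    if "MAJOR" not in found or "MINOR" not in found:
        return None
    return (found["MAJOR"], found["MINOR"], found.get("SUBMINOR"))

def triage(text):
    """Label a file: not-flex, in-advisory-range, unknown-subminor, or ok."""
    version = flex_version(text)
    if version is None:
        return "not-flex"
    if version[2] is None:
        # Without the subminor macro only major.minor can be compared.
        if version[:2] == FIXED[:2]:
            return "unknown-subminor"
        return "in-advisory-range" if version[:2] < FIXED[:2] else "ok"
    return "in-advisory-range" if version < FIXED else "ok"

def scan_tree(root):
    """Yield (path, label) for each flex-generated C/C++ file under root."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".c", ".cc", ".cpp", ".cxx")):
                path = os.path.join(folder, name)
                with open(path, errors="replace") as handle:
                    label = triage(handle.read())
                if label != "not-flex":
                    yield path, label

# Constructed scanner headers, for illustration only.
SAMPLE_NEW = "#define FLEX_SCANNER\n#define YY_FLEX_MAJOR_VERSION 2\n" \
             "#define YY_FLEX_MINOR_VERSION 5\n#define YY_FLEX_SUBMINOR_VERSION 31\n"
SAMPLE_OLD = "#define FLEX_SCANNER\n#define YY_FLEX_MAJOR_VERSION 2\n" \
             "#define YY_FLEX_MINOR_VERSION 5\n"

if __name__ == "__main__":
    for path, label in scan_tree("."):
        print(label, path)
```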