This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201701-31
(flex: Potential insecure code generation)
A heap-based buffer overflow in the yy_get_next_buffer function in Flex
might allow context-dependent attackers to cause a denial of service or
possibly execute arbitrary code via vectors involving num_to_read.
Context-dependent attackers could cause a Denial of Service condition or
possibly execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
All flex users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-devel/flex-2.6.1'
Packages which depend on flex may need to be recompiled. Tools such as
qdepends (included in app-portage/portage-utils) may assist in
identifying these packages:
# emerge --oneshot --ask --verbose $(qdepends -CQ sys-devel/flex | sed
Risk factor :
High / CVSS Base Score : 7.5