GLSA-200603-07 : flex: Potential insecure code generation
High Nessus Plugin ID 21045
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200603-07 (flex: Potential insecure code generation)
Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or rules with a 'variable trailing context' might be at risk.
An attacker could feed malicious input to an application making use of an affected scanner and trigger the buffer overflow, potentially resulting in the execution of arbitrary code.
Avoid using vulnerable grammar in your flex scanners.
SolutionAll flex users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-devel/flex-2.5.33-r1'