
Debian DLA-1854-1 : libonig security update

Description

A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().

For Debian 8 'Jessie', this problem has been fixed in version 5.9.5-3.2+deb8u2.

We recommend that you upgrade your libonig packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

