ArchLinux: 201603-18: pcre: arbitrary code execution
Summary
The PCRE library is prone to a heap overflow vulnerability. During the compilation of a malformed regular expression, more data is written to the malloc'ed block than the expected size output by compile_regex. Exploits using advanced heap feng shui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.
Resolution
Upgrade to 8.38-3.
# pacman -Syu "pcre>=8.38-3"
The problem has been fixed upstream but no release is available yet.
References
https://access.redhat.com/security/cve/CVE-2016-1283
https://bugs.exim.org/show_bug.cgi?id=1767
Workaround
None.