ArchLinux: 201710-18: pcre2: denial of service
Summary
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Resolution
Upgrade to 10.30-1.
# pacman -Syu "pcre2>=10.30-1"
The problem has been fixed upstream in version 10.30.
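An added check (not part of the original advisory) that reports whether the installed pcre2 package is at or above the fixed release 10.30-1 named above. The function names are illustrative, and the `sort -V` fallback only approximates pacman's version ordering when `vercmp` is unavailable (assumption: no epoch prefix in the version string).

```shell
#!/bin/sh
# Added example: compare an Arch pkgver-pkgrel string for pcre2 against the
# fixed version from this advisory.

FIXED_VERSION="10.30-1"

# version_ge A B: succeed when version A >= version B.
# Prefers pacman's own vercmp; otherwise falls back to `sort -V`,
# which approximates pacman's ordering for plain pkgver-pkgrel strings.
version_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
        [ "$lowest" = "$2" ]
    fi
}

# classify_pcre2 VERSION: print "fixed" when VERSION is at least the fixed
# release, otherwise "needs-upgrade".
classify_pcre2() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "needs-upgrade"
    fi
}

# installed_pcre2_version: print the installed pcre2 version, or nothing when
# pacman or the package is absent. `pacman -Q pcre2` prints "pcre2 <version>".
installed_pcre2_version() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Q pcre2 2>/dev/null | awk '{print $2}'
}

ver=$(installed_pcre2_version)
if [ -n "$ver" ]; then
    echo "pcre2 $ver: $(classify_pcre2 "$ver")"
else
    echo "pcre2 not installed (or pacman not available)"
fi
```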
References
;r2=1688&sortby=date
https://bugs.exim.org/show_bug.cgi?id=2052
https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
;r2=670&sortby=date
;r2=670&sortby=date
https://security.archlinux.org/CVE-2017-7186
Workaround
None.