Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Fedora 21 pcre Critical: Buffer And Heap Overflow Security Fix

fedora
Calendar Grey September 11, 2015
Scroller Fedora
Essential patch for Fedora 21 tackling heap and buffer overflow vulnerabilities within the pcre library to fortify security protocols.
This release fixes a heap overflow when compiling certain regular expressions with named refecences

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes a heap overflow when compiling certain regular expressions with named refecences. This release fixes buffer overflows when compiling certain expressions.

Change Log

References


[ 1 ] Bug #1250943 - pcre: heap buffer overflow with a crafted regular expression https://bugzilla.redhat.com/show_bug.cgi?id=1250943 [ 2 ] Bug #1256449 - pcre: Heap Overflow in compile_regex() https://bugzilla.redhat.com/show_bug.cgi?id=1256449

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: pcre
Product: Fedora 21
Version: 8.35
Release: 14.fc21
URL: /
Summary: Perl-compatible regular expression library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.