Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 503
Alerts This Week
Warning Icon 1 503

Fedora 22: 2015-afafa29551 Moderate: Heap Overflow in pcre

fedora
Calendar Grey December 12, 2015
Dist Fedora Esm H88
This patch addresses significant vulnerabilities in pcre, specifically targeting heap overflows and rectifying expression-related crashes.
This release fixes CVE-2015-8380 (a heap-based buffer overflow in pcre_exec() when ovector has size 1)

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes CVE-2015-8380 (a heap-based buffer overflow in pcre_exec() when ovector has size 1). ---- This release fixes a crash when compiling an expression with long (*MARK) or (*THEN) names. It also fixes compiling a POSIX character class followed by a single ASCII character in a class item while UCP mode is active. It also fixes mismatching characters in the range 128-255 against [:punct:] in UCP mode.

Change Log

References


[ 1 ] Bug #1285413 - CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec https://bugzilla.redhat.com/show_bug.cgi?id=1285413

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: pcre
Product: Fedora 22
Version: 8.37
Release: 7.fc22
URL: /
Summary: Perl-compatible regular expression library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.