Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 22 FEDORA-2015-12921 Moderate: pcre Buffer Overflow Issue

fedora
Calendar Grey August 13, 2015
Dist Fedora Esm H88
The Linux Kernel Alert informs users about a pivotal update concerning a pcre vulnerability that resolves significant memory corruption issues.
This release fixes buffer overflows when compiling certain expressions.

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes buffer overflows when compiling certain expressions.

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow Fedora fix pcre

Change Log

* Thu Aug 6 2015 Petr Pisar - 8.37-3 - Fix a buffer overflow with duplicated named groups with a reference between their definition, with a group that reset capture numbers- Fix a buffer overflow with a forward reference by name to a group whose number is the same as the current group - Fix a buffer overflow with duplicated named groups and an occurrence of "(?|" * Wed Jul 1 2015 Petr Pisar - 8.37-2 - Fix CVE-2015-3210 (heap overflow when compiling an expression with named recursive back reference and the name is duplicated) (bug #1236659) - Fix CVE-2015-5073 (heap overflow when compiling an expression with an forward reference within backward asserion with excessive closing paranthesis) (bug #1237224)

References


[ 1 ] Bug #1250943 - pcre: heap buffer overflow with a crafted regular expression https://bugzilla.redhat.com/show_bug.cgi?id=1250943

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: pcre
Product: Fedora 22
Version: 8.37
Release: 3.fc22
URL: /
Summary: Perl-compatible regular expression library

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow Fedora fix pcre

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here