What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-12921
2015-08-07 10:01:27
--------------------------------------------------------------------------------

Name        : pcre
Product     : Fedora 22
Version     : 8.37
Release     : 3.fc22
URL         : https://www.pcre.org/
Summary     : Perl-compatible regular expression library
Description :
Perl-compatible regular expression library.
PCRE has its own native API, but a set of "wrapper" functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

--------------------------------------------------------------------------------
Update Information:

This release fixes buffer overflows when compiling certain expressions.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  6 2015 Petr Pisar  - 8.37-3
- Fix a buffer overflow with duplicated named groups with a reference between
  their definition, with a group that reset capture numbers- Fix a buffer overflow with a forward reference by name to a group whose
  number is the same as the current group
- Fix a buffer overflow with duplicated named groups and an occurrence of "(?|"
* Wed Jul  1 2015 Petr Pisar  - 8.37-2
- Fix CVE-2015-3210 (heap overflow when compiling an expression with named
  recursive back reference and the name is duplicated) (bug #1236659)
- Fix CVE-2015-5073 (heap overflow when compiling an expression with an
  forward reference within backward asserion with excessive closing
  paranthesis) (bug #1237224)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250943 - pcre: heap buffer overflow with a crafted regular expression
        https://bugzilla.redhat.com/show_bug.cgi?id=1250943
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update pcre' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 22: pcre Security Update

August 13, 2015
This release fixes buffer overflows when compiling certain expressions.

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes buffer overflows when compiling certain expressions.

Change Log

* Thu Aug 6 2015 Petr Pisar - 8.37-3 - Fix a buffer overflow with duplicated named groups with a reference between their definition, with a group that reset capture numbers- Fix a buffer overflow with a forward reference by name to a group whose number is the same as the current group - Fix a buffer overflow with duplicated named groups and an occurrence of "(?|" * Wed Jul 1 2015 Petr Pisar - 8.37-2 - Fix CVE-2015-3210 (heap overflow when compiling an expression with named recursive back reference and the name is duplicated) (bug #1236659) - Fix CVE-2015-5073 (heap overflow when compiling an expression with an forward reference within backward asserion with excessive closing paranthesis) (bug #1237224)

References

[ 1 ] Bug #1250943 - pcre: heap buffer overflow with a crafted regular expression https://bugzilla.redhat.com/show_bug.cgi?id=1250943

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : pcre
Product : Fedora 22
Version : 8.37
Release : 3.fc22
URL : https://www.pcre.org/
Summary : Perl-compatible regular expression library

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

OpenBSD 7.4 Released With New Hardware Support, Security Improvements

Oct 17, 2023

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

Oct 19, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo