
Fedora 22: pcre Security Update 2015-eb896290d3 Critical: Buffer Overflow

January 4, 2016
The latest update for Fedora 22 addresses several bugs tied to PCRE, fixing various problems linked to system crashes and memory handling flaws.
This release fixes these vulnerabilities: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow Perl syntax and semantics. The header file for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes these vulnerabilities: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394. It also fixes compiling comments with auto-callouts, compiling expressions with negated classes in UCP mode, compiling expressions with an isolated \E between an item and its qualifier with auto-callouts, a crash in regexec() if REG_STARTEND option is set and pmatch argument is NULL, a stack overflow when formatting a 32-bit integer in pcregrep tool, compiling expressions with an empty \Q\E sequence between an item and its qualifier with auto-callouts, compiling expressions with global extended modifier that is disabled by local no-extended option at the start of the expression just after a whitespace, a possible crash in pcre_copy_named_substring() if a named substring has number greater than the space in the ovector, a buffer overflow when compiling an expression with named groups with a group that reset capture numbers, and a...

Change Log

References


[ 1 ] Bug #1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
https://bugzilla.redhat.com/show_bug.cgi?id=1287614
[ 2 ] Bug #1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
https://bugzilla.redhat.com/show_bug.cgi?id=1287636
[ 3 ] Bug #1287646 - CVE-2015-8387 pcre: Integer overflow in subroutine calls
https://bugzilla.redhat.com/show_bug.cgi?id=1287646
[ 4 ] Bug #1287659 - CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
https://bugzilla.redhat.com/show_bug.cgi?id=1287659
[ 5 ] Bug #1287666 - CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
https://bugzilla.redhat.com/show_bug.cgi?id=1287666
[ 6 ] Bug #1287671 - CVE-2015-8391 pcre: Some pathological patterns causes pcre_compile() to run for a very long time
https://bugzilla.redhat.com/show_bug.cgi?id=1287671
[ 7 ] Bug #1287695 - CVE-201...


Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .
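A post-update check, added here as an example and not part of the Fedora advisory: it confirms the installed pcre build is at least the fixed 8.38-1.fc22 and lists processes that still map the replaced library and need a restart. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: verify the pcre update and find processes still using the
# old library. Run the live checks with: sh check_pcre.sh --run
FIXED_EVR="8.38-1.fc22"   # Version-Release taken from the advisory

# Return 0 if the Version-Release in $1 is at or above the fixed build.
# Assumption: `sort -V` ordering matches RPM ordering for pcre's plain
# numeric versions (it is not a full rpmvercmp implementation).
pcre_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Read /proc/<pid>/maps-style lines on stdin. Return 0 if a pcre 8.x library
# (libpcre, libpcre16, libpcre32, libpcreposix, libpcrecpp) is mapped from a
# file that has since been replaced on disk, which the kernel marks
# "(deleted)". Such a process keeps running the pre-update code.
maps_has_stale_pcre() {
    grep -Eq '/libpcre(16|32|posix|cpp)?\.so[^/]* \(deleted\)$'
}

if [ "${1:-}" = "--run" ]; then
    # One line per installed pcre package (multilib systems may have two).
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' pcre | while read -r evr; do
        if pcre_is_fixed "$evr"; then
            echo "OK      pcre-$evr"
        else
            echo "UPDATE  pcre-$evr (fixed in $FIXED_EVR)"
        fi
    done
    # Processes that exit mid-scan or are unreadable are skipped silently.
    for maps in /proc/[0-9]*/maps; do
        if maps_has_stale_pcre 2>/dev/null < "$maps"; then
            pid=${maps#/proc/}
            pid=${pid%/maps}
            name=$(cat "/proc/$pid/comm" 2>/dev/null || echo "?")
            echo "RESTART pid $pid ($name) still maps the old libpcre"
        fi
    done
fi
```

Run it as root so that the maps files of all processes are readable; a non-root run only covers the caller's own processes.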

Severity: critical

Name: pcre
Product: Fedora 22
Version: 8.38
Release: 1.fc22
URL: /
Summary: Perl-compatible regular expression library
