Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Fedora 23 FEDORA-2016-65833b5dbc Critical: pcre Heap Issue

fedora
Calendar Grey March 2, 2016
Dist Fedora Esm H88
Fedora 23 has released a critical update for PCRE to fix vulnerabilities causing buffer overflows and infinite loops, enhancing app security and stability
This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop whe...

Summary

Perl-compatible regular expression library.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2.

Change Log

References


[ 1 ] Bug #1295385 - CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) https://bugzilla.redhat.com/show_bug.cgi?id=1295385 [ 2 ] Bug #1312782 - pcre: Heap buffer overflow in pcretest causing infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1312782

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: pcre
Product: Fedora 23
Version: 8.38
Release: 6.fc23
URL:
Summary: Perl-compatible regular expression library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.