Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 35: FEDORA-2022-19f4c34184 Critical Out-of-Bounds Issues

fedora
Calendar Grey May 30, 2022
Dist Fedora Esm H88
Fedora 36 enhances mingw-pcre2 to version 10.41, incorporating vital patches that rectify memory-related vulnerabilities. Explore the specifics.
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.

Summary

Cross compiled Perl-compatible regular expression library for use with mingw32.

PCRE has its own native API, but a set of "wrapper" functions that are based on

the POSIX API are also supplied in the library libpcreposix. Note that this

just provides a POSIX calling interface to PCRE: the regular expressions

themselves still follow Perl syntax and semantics. The header file

for the POSIX-style functions is called pcreposix.h.

Update to pcre2-10.40, see

https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.

* Sun May 1 2022 Sandro Mani - 10.40-1

- Update to 10.40

* Fri Mar 25 2022 Sandro Mani - 10.39-3

- Rebuild with mingw-gcc-12

* Thu Jan 20 2022 Fedora Release Engineering - 10.39-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Fri Nov 5 2021 Sandro Mani - 10.39-1

- Update to 10.39

[ 1 ] Bug #2081957 - CVE-2022-1586 mingw-pcre2: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081957

[ 2 ] Bug #2081976 - CVE-2022-1587 mingw-pcre2: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081976

su -c 'dnf upgrade --advisory FEDORA-2022-19f4c34184' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora critical software update out-of-bounds mingw-pcre2

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 10.40
Release: 1.fc35
URL:
Summary: MinGW Windows pcre2 library

Topics%20covered

Topics Covered

security advisory fedora critical software update out-of-bounds mingw-pcre2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here