Scientific Linux SL7.x: SLSA-2016:1025-1 Critical: PCRE Issues

Date: Tue, 10 May 2016 11:26:12 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0
Message-ID: <57320BA4.3040000@fnal.gov>

The following FASTBUGS have been uploaded to

i386:
firefox-45.1.1-1.el5_11.i386.rpm
sos-1.7-9.74.el5_11.noarch.rpm

x86_64:
firefox-45.1.1-1.el5_11.i386.rpm
firefox-45.1.1-1.el5_11.x86_64.rpm
sos-1.7-9.74.el5_11.noarch.rpm
Date: Wed, 11 May 2016 15:22:53 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: pcre on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160511152253.32022.94106@slpackages.fnal.gov>

Synopsis: Important: pcre security update
Advisory ID: SLSA-2016:1025-1
Issue Date: 2016-05-11
CVE Numbers: CVE-2015-3217
 CVE-2015-5073
 CVE-2015-8388
 CVE-2015-2328
 CVE-2015-8385
 CVE-2015-8386
 CVE-2015-8391
 CVE-2016-3191
--

Security Fix(es):

* Multiple flaws were found in the way PCRE handled malformed regular
expressions. An attacker able to make an application using PCRE process a
specially crafted regular expression could use these flaws to cause the
application to crash or, possibly, execute arbitrary code. (CVE-2015-8385,
CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388,
CVE-2015-8391, CVE-2015-8386)
--

SL7
 x86_64
 pcre-8.32-15.el7_2.1.i686.rpm
 pcre-8.32-15.el7_2.1.x86_64.rpm
 pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
 pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
 pcre-devel-8.32-15.el7_2.1.i686.rpm
 pcre-devel-8.32-15.el7_2.1.x86_64.rpm
 pcre-static-8.32-15.el7_2.1.i686.rpm
 pcre-static-8.32-15.el7_2.1.x86_64.rpm
 pcre-tools-8.32-15.el7_2.1.x86_64.rpm

- Scientific Linux Development Team