Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 15.04, 14.04 LTS USN-2694-1: Moderate PCRE DoS Risk

ubuntu
Calendar Grey July 29, 2015
Scroller Ubuntu
Security issues in PCRE on Ubuntu may result in crashes or arbitrary code execution; users are advised to upgrade affected versions.
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression.

Summary

PCRE could be made to crash or run programs if it processed a

specially-crafted regular expression.

Software Description:

- pcre3: Perl 5 Compatible Regular Expression Library

Details:

Michele Spagnuolo discovered that PCRE incorrectly handled certain regular

expressions. A remote attacker could use this issue to cause applications

using PCRE to crash, resulting in a denial of service, or possibly execute

arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)

Kai Lu discovered that PCRE incorrectly handled certain regular

expressions. A remote attacker could use this issue to cause applications

using PCRE to crash, resulting in a denial of service, or possibly execute

arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04.

(CVE-2015-2325, CVE-2015-2326)

Wen Guanxing discovered that PCRE incorrectly handled certain regular

expressions. A remote attacker could use this issue to cause applications

using PCRE to crash, ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libpcre3                        2:8.35-3.3ubuntu1.1

Ubuntu 14.04 LTS:
  libpcre3                        1:8.31-2ubuntu2.1

Ubuntu 12.04 LTS:
  libpcre3                        8.12-4ubuntu0.1

After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-2694-1

CVE-2014-8964, CVE-2015-2325, CVE-2015-2326, CVE-2015-3210,

CVE-2015-5073

July 29, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.