Login-Name Passwort


Sicherheit: Denial of Service in PCRE
Aktuelle Meldungen Distributionen
Name: Denial of Service in PCRE
ID: FEDORA-2017-e4c6ab648b
Distribution: Fedora
Plattformen: Fedora 26
Datum: Fr, 21. April 2017, 19:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186



Fedora Update Notification
2017-04-21 14:26:09.124188

Name : pcre2
Product : Fedora 26
Version : 10.23
Release : 6.fc26
URL : http://www.pcre.org/
Summary : Perl-compatible regular expression library
Description :
PCRE2 is a re-working of the original PCRE (Perl-compatible regular
expression) library to provide an entirely new API.

PCRE2 is written in C, and it has its own API. There are three sets of
functions, one for the 8-bit library, which processes strings of bytes, one
for the 16-bit library, which processes strings of 16-bit values, and one for
the 32-bit library, which processes strings of 32-bit values. There are no C++
wrappers. This package provides support for strings in 8-bit and UTF-8
encodings. Install pcre2-utf16 or pcre2-utf32 packages for the other ones.

The distribution does contain a set of C wrapper functions for the 8-bit
library that are based on the POSIX regular expression API (see the pcre2posix
man page). These can be found in a library called libpcre2posix. Note that
this just provides a POSIX calling interface to PCRE2; the regular expressions
themselves still follow Perl syntax and semantics. The POSIX API is
restricted, and does not give full access to all of PCRE2's facilities.


Update Information:

This release fixes a crash when finding a Unicode property for a character
a code point greater than 0x10ffff in UTF-32 library while UTF mode is
and JIT mode is enabled. It also fixes an incortect cast in UTF validation


[ 1 ] Bug #1434504 - CVE-2017-7186 pcre: Invalid Unicode property lookup
(8.41/7, 10.24/2)

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade pcre2' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten