Mehrere Probleme in mingw-pcre
ID: | FEDORA-2016-f59a8ff5d0 |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Mi, 17. Februar 2016, 07:03 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383 |
Applikationen: | PCRE |
Originalnachricht |
|
Name : mingw-pcre Product : Fedora 22 Version : 8.38 Release : 1.fc22 URL : http://www.pcre.org/ Summary : MinGW Windows pcre library Description : Cross compiled Perl-compatible regular expression library for use with mingw32. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow Perl syntax and semantics. The header file for the POSIX-style functions is called pcreposix.h. -------------------------------------------------------------------------------- Update Information: Update to 8.38 and fix various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1236660 - CVE-2015-3210 mingw-pcre: pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1236660 [ 2 ] Bug #1237225 - CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1237225 [ 3 ] Bug #1249905 - mingw-pcre: php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1249905 [ 4 ] Bug #1250947 - mingw-pcre: pcre: heap buffer overflow with a crafted regular expression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1250947 [ 5 ] Bug #1256453 - mingw-pcre: pcre: Heap Overflow in compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1256453 [ 6 ] Bug #1287616 - CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287616 [ 7 ] Bug #1287626 - CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287626 [ 8 ] Bug #1287631 - CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287631 [ 9 ] Bug #1287640 - CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287640 [ 10 ] Bug #1287648 - CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287648 [ 11 ] Bug #1287656 - CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287656 [ 12 ] Bug #1287661 - CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287661 [ 13 ] Bug #1287668 - CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287668 [ 14 ] Bug #1287673 - CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287673 [ 15 ] Bug #1287692 - CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287692 [ 16 ] Bug #1287698 - CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287698 [ 17 ] Bug #1287704 - CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287704 [ 18 ] Bug #1287720 - CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287720 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-pcre' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |