Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in PCRE
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PCRE
ID: FEDORA-2015-eb896290d3
Distribution: Fedora
Plattformen: Fedora 22
Datum: Mo, 4. Januar 2016, 23:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391
Applikationen: PCRE

Originalnachricht

Name        : pcre
Product : Fedora 22
Version : 8.38
Release : 1.fc22
URL : http://www.pcre.org/
Summary : Perl-compatible regular expression library
Description :
Perl-compatible regular expression library.
PCRE has its own native API, but a set of "wrapper" functions that are
based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

-------------------------------------------------------------------------------
-
Update Information:

This release fixes these vulnerabilies: CVE-2015-8383, CVE-2015-8386,
CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393,
CVE-2015-8394. It also fixes compiling comments with auto-callouts, compiling
expressions with negated classes in UCP mode, compiling expressions with an
isolated \E between an item and its qualifier with auto-callouts, a crash in
regexec() if REG_STARTEND option is set and pmatch argument is NULL, a stack
overflow when formatting a 32-bit integer in pcregrep tool, compiling
expressions with an empty \Q\E sequence between an item and its qualifier with
auto-callouts, compiling expressions with global extended modifier that is
disabled by local no-extended option at the start of the expression just after
a
whitespace, a possible crash in pcre_copy_named_substring() if a named
substring
has number greater than the space in the ovector, a buffer overflow when
compiling an expression with named groups with a group that reset capture
numbers, and a crash in pcre_get_substring_list() if the use of \K caused the
start of the match to be earlier than the end.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated
conditional group
https://bugzilla.redhat.com/show_bug.cgi?id=1287614
[ 2 ] Bug #1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind
assertion
https://bugzilla.redhat.com/show_bug.cgi?id=1287636
[ 3 ] Bug #1287646 - CVE-2015-8387 pcre: Integer overflow in subroutine calls
https://bugzilla.redhat.com/show_bug.cgi?id=1287646
[ 4 ] Bug #1287659 - CVE-2015-8389 pcre: Infinite recursion in JIT compiler
when processing certain patterns
https://bugzilla.redhat.com/show_bug.cgi?id=1287659
[ 5 ] Bug #1287666 - CVE-2015-8390 pcre: Reading from uninitialized memory
when processing certain patterns
https://bugzilla.redhat.com/show_bug.cgi?id=1287666
[ 6 ] Bug #1287671 - CVE-2015-8391 pcre: Some pathological patterns causes
pcre_compile() to run for a very long time
https://bugzilla.redhat.com/show_bug.cgi?id=1287671
[ 7 ] Bug #1287695 - CVE-2015-8393 pcre: Information leak when running pcgrep
-q on crafted binary
https://bugzilla.redhat.com/show_bug.cgi?id=1287695
[ 8 ] Bug #1287702 - CVE-2015-8394 pcre: Integer overflow caused by missing
check for certain conditions
https://bugzilla.redhat.com/show_bug.cgi?id=1287702
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update pcre' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung