Name        : pcre
Product     : Fedora 22
Version     : 8.38
Release     : 1.fc22
URL         : http://www.pcre.org/
Summary     : Perl-compatible regular expression library
Description :

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow Perl syntax and semantics. The header file for the POSIX-style functions is called pcreposix.h.

--------------------------------------------------------------------------------
Update Information:

This release fixes these vulnerabilities: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394.

It also fixes:

  * compiling comments with auto-callouts
  * compiling expressions with negated classes in UCP mode
  * compiling expressions with an isolated \E between an item and its qualifier with auto-callouts
  * a crash in regexec() if the REG_STARTEND option is set and the pmatch argument is NULL
  * a stack overflow when formatting a 32-bit integer in the pcregrep tool
  * compiling expressions with an empty \Q\E sequence between an item and its qualifier with auto-callouts
  * compiling expressions with a global extended modifier that is disabled by a local no-extended option at the start of the expression just after a whitespace
  * a possible crash in pcre_copy_named_substring() if a named substring has a number greater than the space in the ovector
  * a buffer overflow when compiling an expression with named groups with a group that resets capture numbers
  * a crash in pcre_get_substring_list() if the use of \K caused the start of the match to be earlier than the end

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
        https://bugzilla.redhat.com/show_bug.cgi?id=1287614
  [ 2 ] Bug #1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
        https://bugzilla.redhat.com/show_bug.cgi?id=1287636
  [ 3 ] Bug #1287646 - CVE-2015-8387 pcre: Integer overflow in subroutine calls
        https://bugzilla.redhat.com/show_bug.cgi?id=1287646
  [ 4 ] Bug #1287659 - CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
        https://bugzilla.redhat.com/show_bug.cgi?id=1287659
  [ 5 ] Bug #1287666 - CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
        https://bugzilla.redhat.com/show_bug.cgi?id=1287666
  [ 6 ] Bug #1287671 - CVE-2015-8391 pcre: Some pathological patterns causes pcre_compile() to run for a very long time
        https://bugzilla.redhat.com/show_bug.cgi?id=1287671
  [ 7 ] Bug #1287695 - CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
        https://bugzilla.redhat.com/show_bug.cgi?id=1287695
  [ 8 ] Bug #1287702 - CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
        https://bugzilla.redhat.com/show_bug.cgi?id=1287702
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update pcre' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
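
Added example, not part of the advisory or of the PCRE sources: a caller-side guard for the regexec() crash listed under Update Information (REG_STARTEND set with a NULL pmatch), together with a bounded search that passes REG_STARTEND a valid pmatch[0]. The names checked_regexec, search_range, demo and RX_BADARG are hypothetical, and the code assumes the system <regex.h>; libpcreposix offers the same calls through pcreposix.h.

```c
#include <limits.h>
#include <regex.h>
#include <stddef.h>

#define RX_BADARG (-1) /* hypothetical code; regexec() itself returns >= 0 */

/* Hypothetical wrapper: refuse REG_STARTEND with pmatch == NULL, the call the
 * advisory says crashed regexec(), before it reaches the library. */
int checked_regexec(const regex_t *re, const char *s, size_t nmatch,
                    regmatch_t *pmatch, int eflags)
{
    if (re == NULL || s == NULL || ((eflags & REG_STARTEND) && pmatch == NULL))
        return RX_BADARG;
    return regexec(re, s, nmatch, pmatch, eflags);
}

/* Search only buf[start, end). REG_STARTEND takes the bounds from pmatch[0],
 * so a real array is always passed; offsets in *out are relative to buf. */
int search_range(const regex_t *re, const char *buf, size_t start, size_t end,
                 regmatch_t *out)
{
    regmatch_t pm[1];
    int rc;

    if (out == NULL || start > end || end > (size_t)INT_MAX)
        return RX_BADARG;
    pm[0].rm_so = (regoff_t)start;
    pm[0].rm_eo = (regoff_t)end;
    rc = checked_regexec(re, buf, 1, pm, REG_STARTEND);
    if (rc == 0)
        *out = pm[0];
    return rc;
}

/* Demo driver: end offset of the first match of ERE pattern in buf[start, end);
 * -1 on a bad argument or compile error, -2 on no match. A non-zero null_pm
 * sends the NULL-pmatch call through the wrapper instead. */
long demo(const char *pattern, const char *buf, size_t start, size_t end,
          int null_pm)
{
    regex_t re;
    regmatch_t m = {0};
    int rc;

    if (pattern == NULL || regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    rc = null_pm ? checked_regexec(&re, buf, 0, NULL, REG_STARTEND)
                 : search_range(&re, buf, start, end, &m);
    regfree(&re);
    return rc == 0 ? (long)m.rm_eo : (rc == RX_BADARG ? -1 : -2);
}
```

With the constructed input "id=1;id=22;id=333" and the pattern "id=[0-9]+", the range [11, 15) matches only "id=3": the end bound is honoured even though more digits follow in the buffer.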