MGASA-2016-0204

Source
https://advisories.mageia.org/MGASA-2016-0204.html
Import Source
https://advisories.mageia.org/MGASA-2016-0204.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2016-0204
Published
2016-05-23T22:00:58Z
Modified
2016-05-23T21:53:24Z
Summary
Updated pcre packages fix security vulnerabilities
Details

Updated pcre packages fix security vulnerabilities:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles a particular pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (CVE-2016-1283).

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (CVE-2016-3191).

The pcre package has been updated to the latest CVS as of May 21, 2016, aka 8.39-RC1, which fixes these issues as well as several other bugs and possible security issues.


Affected packages

Mageia:5 / pcre

Package

Name
pcre
Purl
pkg:rpm/mageia/pcre?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.38-1.mga5

Ecosystem specific

{
    "section": "core"
}