Arch Linux Security Advisory ASA-201411-29 ========================================== Severity: Low Date : 2014-11-26 CVE-ID : CVE-2014-8964 Package : pcre Type : heap buffer overflow Remote : No Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The package pcre before version 8.36-2 is vulnerable to denial of service via a heap buffer overlow. Resolution ========== Upgrade to 8.36-2. # pacman -Syu "pcre>=8.36-2" The problem has been fixed upstream but no version released yet. Workaround ========== None. Description =========== A heap buffer overflow issue was found in PCRE when processing a specially crafted regular expression, causing a denial of service or other unspecified impact. Impact ====== An attacker able to supply a specially crafted regular expression can cause a denial of service, or other unspecified impact. References ========== http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8964 http://bugs.exim.org/show_bug.cgi?id=1546 https://bugs.archlinux.org/task/42860