[arch-security] [ASA-201508-11] pcre: arbitrary code execution
Arch Linux Security Advisory ASA-201508-11
==========================================

Severity: Critical
Date    : 2015-08-26
CVE-ID  : None
Package : pcre
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package pcre before version 8.37-3 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 8.37-3.

# pacman -Syu "pcre>=8.37-3"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A heap overflow has been discovered when compiling certain regular
expressions with named references. This issue may lead to arbitrary code
execution.

Impact
======

A remote attacker able to compile a special regular expression with named
references may be able to execute arbitrary code.

References
==========

http://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1667
Levente Polyak
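The following is an added example, not part of the advisory: a shell sketch that flags hosts whose installed pcre predates the fixed 8.37-3. The inventory lines and host names are constructed, and the comparator is a simplified stand-in that assumes purely numeric `[epoch:]pkgver-pkgrel` strings; pacman's own `vercmp` is the authoritative comparison.

```sh
#!/bin/sh
# Added example: audit an inventory for pcre packages older than the fix.
# Assumption: versions are numeric, of the form [epoch:]N.N[.N...]-pkgrel.
# A missing trailing field is treated as 0 (a simplification of vercmp).

FIXED="8.37-3"   # fixed version named in the advisory

# num_cmp A B: print -1, 0 or 1 comparing dot-separated numeric fields.
num_cmp() {
    x="$1." y="$2."
    while [ -n "$x" ] || [ -n "$y" ]; do
        fx=${x%%.*}; fy=${y%%.*}
        x=${x#*.}; y=${y#*.}
        [ "${fx:-0}" -lt "${fy:-0}" ] && { echo -1; return; }
        [ "${fx:-0}" -gt "${fy:-0}" ] && { echo 1; return; }
    done
    echo 0
}

# ver_lt A B: succeed when package version A sorts strictly before B.
ver_lt() {
    a=$1 b=$2 ea=0 eb=0
    # Split off the optional epoch; it outranks pkgver and pkgrel.
    case $a in *:*) ea=${a%%:*}; a=${a#*:} ;; esac
    case $b in *:*) eb=${b%%:*}; b=${b#*:} ;; esac
    c=$(num_cmp "$ea" "$eb")
    [ "$c" -eq 0 ] && c=$(num_cmp "${a%-*}" "${b%-*}")    # pkgver
    [ "$c" -eq 0 ] && c=$(num_cmp "${a##*-}" "${b##*-}")  # pkgrel
    [ "$c" -lt 0 ]
}

# audit: read "host package version" lines, print hosts needing the upgrade.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = pcre ] || continue
        if ver_lt "$ver" "$FIXED"; then echo "$host"; fi
    done
}

# Constructed inventory, e.g. collected with `pacman -Q pcre` on each host.
SAMPLE='web1 pcre 8.37-2
web2 pcre 8.37-3
db1 pcre 8.36-2
build1 pcre 8.38-1
web3 zlib 1.2.8-4'

audit_sample() { printf '%s\n' "$SAMPLE" | audit; }

audit_sample
```

Hosts printed by `audit` are the ones that still need `pacman -Syu "pcre>=8.37-3"`.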