[arch-security] [ASA-201506-1] pcre: buffer overflow
Arch Linux Security Advisory ASA-201506-1
=========================================

Severity: High
Date    : 2015-06-05
CVE-ID  : CVE-2015-3210
Package : pcre
Type    : buffer overflow
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package pcre before version 8.37-2 is vulnerable to multiple buffer
overflows leading to code execution.

Resolution
==========

Upgrade to 8.37-2.

# pacman -Syu "pcre>=8.37-2"

The problem has been fixed upstream in the trunk, but no fixed version
has been released yet.

Workaround
==========

None.

Description
===========

Several buffer overflows have been found in pcre <= 8.37. By compiling a
crafted regular expression, it is possible to write more than the
expected size into various buffers, allowing arbitrary code execution.

Impact
======

An attacker with the ability to submit an arbitrary regular expression
for compilation can execute arbitrary code.

References
==========

https://access.redhat.com/security/cve/CVE-2015-3210
https://bugs.archlinux.org/task/45207
https://bugs.exim.org/show_bug.cgi?id=1636
http://www.securitytracker.com/id/1032453
Remi Gacogne