[arch-security] [ASA-201506-1] pcre: buffer overflow
rgacogne at archlinux.org
Fri Jun 5 13:54:56 UTC 2015
Arch Linux Security Advisory ASA-201506-1
Date : 2015-06-05
CVE-ID : CVE-2015-3210
Package : pcre
Type : buffer overflow
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package pcre before version 8.37-2 is vulnerable to multiple buffer
overflows leading to code execution.

Upgrade to 8.37-2.

# pacman -Syu "pcre>=8.37-2"

The problem has been fixed upstream in the trunk, but no fixed version
has been released yet.

Several buffer overflows have been found in pcre <= 8.37. By compiling a
crafted regular expression, it is possible to write more than the
expected size into various buffers, allowing arbitrary code execution.

An attacker with the ability to submit an arbitrary regular expression
for compilation can execute arbitrary code.
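
A check for the fixed release named above, as an added example that is not part of the original advisory: it compares a pcre package version against 8.37-2 using pacman's `vercmp` when present, and otherwise GNU `sort -V` (an approximation that assumes the version carries no epoch prefix). The function names `version_ge` and `classify_pcre` are illustrative.

```shell
#!/bin/sh
# Added example: decide whether a pcre package version includes the fix
# from this advisory. Not part of the original advisory text.

FIXED_VERSION="8.37-2"   # first fixed package version, taken from the advisory

# Return 0 if version $1 >= version $2, 1 otherwise.
# Prefers pacman's own comparison tool; the sort -V fallback is an
# approximation (assumption: no epoch such as "1:" in either version).
version_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Print "fixed" or "vulnerable" for the given pcre package version.
classify_pcre() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# On an Arch system, report the status of the installed package.
# Skipped silently on hosts without pacman.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q pcre 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        echo "pcre $installed: $(classify_pcre "$installed")"
    else
        echo "pcre is not installed"
    fi
fi
```

Long-running processes that loaded the old library before the upgrade keep using it until they are restarted.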