Security vulnerabilities in the pcre software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-01-04 16:02:44.028960

Name : pcre
Product : Fedora 22
Version : 8.38
Release : 1.fc22
Summary : Perl-compatible regular expression library
Description :
Perl-compatible regular expression library.
PCRE has its own native API, but a set of “wrapper” functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

Update Information:

This release fixes these vulnerabilities: CVE-2015-8383, CVE-2015-8386,
CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393,
CVE-2015-8394. It also fixes compiling comments with auto-callouts, compiling
expressions with negated classes in UCP mode, compiling expressions with an
isolated \E between an item and its qualifier with auto-callouts, a crash in
regexec() if REG_STARTEND option is set and pmatch argument is NULL, a stack
overflow when formatting a 32-bit integer in pcregrep tool, compiling
expressions with an empty \Q\E sequence between an item and its qualifier with
auto-callouts, compiling expressions with global extended modifier that is
disabled by local no-extended option at the start of the expression just after a
whitespace, a possible crash in pcre_copy_named_substring() if a named substring
has number greater than the space in the ovector, a buffer overflow when
compiling an expression with named groups with a group that reset capture
numbers, and a crash in pcre_get_substring_list() if the use of \K caused the
start of the match to be earlier than the end.

[ 1 ] Bug #1287614 – CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
[ 2 ] Bug #1287636 – CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
[ 3 ] Bug #1287646 – CVE-2015-8387 pcre: Integer overflow in subroutine calls
[ 4 ] Bug #1287659 – CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
[ 5 ] Bug #1287666 – CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
[ 6 ] Bug #1287671 – CVE-2015-8391 pcre: Some pathological patterns causes pcre_compile() to run for a very long time
[ 7 ] Bug #1287695 – CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
[ 8 ] Bug #1287702 – CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions

This update can be installed with the “yum” update program. Use
su -c 'yum update pcre' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
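
A check for whether hosts already carry the fixed build, as an added example that is not part of the Fedora notification: it compares pcre package strings (as reported by rpm -q pcre) against the 8.38-1.fc22 build named above. The hostnames and builds in the sample inventory are constructed, and GNU sort -V is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: list Fedora 22 hosts whose pcre build predates the fix.
FIXED_VR="8.38-1.fc22"    # Version-Release taken from the notification

# Succeeds when version-release $1 is at or above FIXED_VR.
# Assumption: GNU `sort -V` ordering stands in for rpm's own comparison,
# which holds for plain numeric strings such as pcre's.
pcre_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_VR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Reads "host package" lines on stdin, where package is the output of
# `rpm -q pcre` on that host, and prints the hosts still needing the update.
list_unpatched() {
    while read -r host nvra; do
        case "$nvra" in
            pcre-[0-9]*.fc22.*) ;;      # Fedora 22 builds of pcre itself
            *) continue ;;              # other packages or other releases
        esac
        vr=${nvra#pcre-}                # drop the package name
        vr=${vr%.*}                     # drop the architecture suffix
        pcre_is_fixed "$vr" || printf '%s\n' "$host"
    done
}

# Constructed sample inventory: hostnames and build numbers are made up.
SAMPLE_INVENTORY='web01 pcre-8.37-2.fc22.x86_64
web02 pcre-8.38-1.fc22.x86_64
db01 pcre-8.36-4.fc22.i686
ci01 pcre-devel-8.37-2.fc22.x86_64
app01 pcre-8.38-10.fc22.x86_64'

printf '%s\n' "$SAMPLE_INVENTORY" | list_unpatched
```

Processes that were started before the update keep the old library mapped until they are restarted.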

Author: Marko Stanec
Cert ID: NCERT-REF-2016-01-0015-ADV