You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mingw-pcre

Sigurnosni nedostaci programskog paketa mingw-pcre

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2016-f59a8ff5d0
2016-02-16 23:30:31.083528
——————————————————————————–

Name : mingw-pcre
Product : Fedora 22
Version : 8.38
Release : 1.fc22
URL : http://www.pcre.org/
Summary : MinGW Windows pcre library
Description :
Cross compiled Perl-compatible regular expression library for use with mingw32.

PCRE has its own native API, but a set of “wrapper” functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

——————————————————————————–
Update Information:

Update to 8.38 and fix various CVE’s
——————————————————————————–
References:

[ 1 ] Bug #1236660 – CVE-2015-3210 mingw-pcre: pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1236660
[ 2 ] Bug #1237225 – CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1237225
[ 3 ] Bug #1249905 – mingw-pcre: php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1249905
[ 4 ] Bug #1250947 – mingw-pcre: pcre: heap buffer overflow with a crafted regular expression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1250947
[ 5 ] Bug #1256453 – mingw-pcre: pcre: Heap Overflow in compile_regex() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1256453
[ 6 ] Bug #1287616 – CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287616
[ 7 ] Bug #1287626 – CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287626
[ 8 ] Bug #1287631 – CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287631
[ 9 ] Bug #1287640 – CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287640
[ 10 ] Bug #1287648 – CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287648
[ 11 ] Bug #1287656 – CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287656
[ 12 ] Bug #1287661 – CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287661
[ 13 ] Bug #1287668 – CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287668
[ 14 ] Bug #1287673 – CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287673
[ 15 ] Bug #1287692 – CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287692
[ 16 ] Bug #1287698 – CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287698
[ 17 ] Bug #1287704 – CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287704
[ 18 ] Bug #1287720 – CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287720
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-pcre’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2016-fd1199dbe2
2016-02-16 23:32:09.946597
——————————————————————————–

Name : mingw-pcre
Product : Fedora 23
Version : 8.38
Release : 1.fc23
URL : http://www.pcre.org/
Summary : MinGW Windows pcre library
Description :
Cross compiled Perl-compatible regular expression library for use with mingw32.

PCRE has its own native API, but a set of “wrapper” functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

——————————————————————————–
Update Information:

Update to 8.38 and fix various CVE’s
——————————————————————————–
References:

[ 1 ] Bug #1287720 – CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287720
[ 2 ] Bug #1287704 – CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287704
[ 3 ] Bug #1287698 – CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287698
[ 4 ] Bug #1287692 – CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287692
[ 5 ] Bug #1287673 – CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287673
[ 6 ] Bug #1287668 – CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287668
[ 7 ] Bug #1287661 – CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287661
[ 8 ] Bug #1287656 – CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287656
[ 9 ] Bug #1287648 – CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287648
[ 10 ] Bug #1287640 – CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287640
[ 11 ] Bug #1287631 – CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287631
[ 12 ] Bug #1287626 – CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287626
[ 13 ] Bug #1287616 – CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287616
[ 14 ] Bug #1256453 – mingw-pcre: pcre: Heap Overflow in compile_regex() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1256453
[ 15 ] Bug #1250947 – mingw-pcre: pcre: heap buffer overflow with a crafted regular expression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1250947
[ 16 ] Bug #1249905 – mingw-pcre: php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1249905
[ 17 ] Bug #1237225 – CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1237225
[ 18 ] Bug #1236660 – CVE-2015-3210 mingw-pcre: pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1236660
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-pcre’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarko Stanec
Cert idNCERT-REF-2016-02-0017-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa mingw-libxml2

Otkriveni su sigurnosni nedostaci u programskom paketu mingw-libxml2 za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close