——————————————————————————–
Fedora Update Notification
FEDORA-2016-65833b5dbc
2016-03-01 22:06:21.359555
——————————————————————————–

Name : pcre
Product : Fedora 23
Version : 8.38
Release : 6.fc23
URL : http://www.pcre.org/
Summary : Perl-compatible regular expression library
Description :
Perl-compatible regular expression library.
PCRE has its own native API, but a set of “wrapper” functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.

——————————————————————————–
Update Information:

This release fixes a heap buffer overflow in handling of nested duplicate named
groups with a nested back reference and a heap buffer overflow in pcretest
causing infinite loop when matching globally with an ovector less than 2.
——————————————————————————–
References:

[ 1 ] Bug #1295385 – CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
[ 2 ] Bug #1312782 – pcre: Heap buffer overflow in pcretest causing infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update pcre’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce