Updated pcre packages fix security vulnerabilitiesPublication date: 23 May 2016
Affected Mageia releases : 5
CVE: CVE-2016-1283 , CVE-2016-3191
Updated pcre packages fix security vulnerabilities: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles a paricular pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (CVE-2016-1283). The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (CVE-2016-3191). The pcre package has been updated to the latest CVS as of May 21, 2016, aka 8.39-RC1, which fixes these issues, as well as several other bugs, and possible security issues.