Debian Security Advisory

DLA-441-1 pcre3 -- LTS security update

Date Reported: 29 Feb 2016
Affected Packages: pcre3
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 815921.
More information:

HP's Zero Day Initiative has identified a vulnerability affecting the pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has not been assigned yet.

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability.

When compiling a regular expression, PCRE did not verify that its handling of the (*ACCEPT) verb stayed within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

For Debian 6 Squeeze, this problem has been fixed in version 8.02-1.1+deb6u1.

We recommend that you upgrade your pcre3 packages.
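
One way to check an exported package inventory of Squeeze hosts against the fixed version named above, on a machine that has no dpkg available. This is an added example, not part of the advisory: it follows dpkg's version-ordering rules (epoch, upstream version, revision, with `~` sorting first), and the host names and installed versions in `INVENTORY` are constructed. It applies to Debian 6 Squeeze only, since that is the only release the advisory gives a fixed version for.

```python
import re

FIXED_SQUEEZE = "8.02-1.1+deb6u1"  # fixed pcre3 version stated in the advisory

def _isdig(s, k):
    return k < len(s) and "0" <= s[k] <= "9"

def _order(s, k):
    """dpkg sort weight of s[k]; digits and end of string weigh 0."""
    if k >= len(s) or _isdig(s, k):
        return 0
    if s[k] == "~":
        return -1  # '~' sorts before everything, even the end of the string
    return ord(s[k]) if s[k].isalpha() else ord(s[k]) + 256  # letters first

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings in dpkg order."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using sort weights.
        while (i < len(a) and not _isdig(a, i)) or (j < len(b) and not _isdig(b, j)):
            if _order(a, i) != _order(b, j):
                return -1 if _order(a, i) < _order(b, j) else 1
            i, j = i + 1, j + 1
        # Digit run: compare as integers, so "02" equals "2".
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into (int epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed inventory: host name -> installed pcre3 version (sample values).
INVENTORY = {"web01": "8.02-1.1", "web02": "8.02-1.1+deb6u1",
             "build01": "8.02-1.1+deb6u1~test1"}

def audit(inventory):
    """Return the hosts whose pcre3 is older than the fixed Squeeze version."""
    return sorted(h for h, v in inventory.items() if compare(v, FIXED_SQUEEZE) < 0)
```

A string comparison would get `8.02-1.1+deb6u1~test1` wrong: the `~` suffix makes it sort before the fixed version, so that host is still reported.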