Debian Security Advisory

DLA-441-1 pcre3 -- LTS security update

Date Reported:
29 Feb 2016
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 815921.
More information:

HP's Zero Day Initiative has identified a vulnerability affecting the pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has not been assigned yet.

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability.

PCRE did not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

For Debian 6 Squeeze, these problems have been fixed in version 8.02-1.1+deb6u1.

We recommend that you upgrade your pcre3 packages.