Debian Security Advisory
DLA-441-1 pcre3 -- LTS security update
- Date Reported:
- 29 Feb 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 815921.
- More information:
HP's Zero Day Initiative has identified a vulnerability affecting the pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has not been assigned yet.
PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability.
PCRE did not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.
For Debian 6
Squeeze, these problems have been fixed in version 8.02-1.1+deb6u1.
We recommend that you upgrade your pcre3 packages.