[Frugalware-security] [ FSA-382 ] pcre

vmiklos noreply at frugalware.org
Sun Mar 9 00:33:51 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-382

Date: 2008-03-09
Package: pcre
Vulnerable versions: <= 7.4-1
Unaffected versions: >= 7.6-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2785
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674

Description
===========

A vulnerability has been reported in PCRE, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
The vulnerability is caused due to a boundary error when processing character classes and can be exploited to cause a buffer overflow via an overly long character class with codepoints greater than 255.

Updated Packages
================

Check if you have pcre installed:

	# pacman-g2 -Q pcre

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy pcre

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFH0yJfZ7NElSD1VhkRAj5xAJ9KzB2+DC0ewrWLsjSaA0rQOFtCQQCeOgwC
T18NAyUOkbTnbm+Gxyet44E=
=AIci
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list