Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
fa6aec9ce94db20975693f5f321e7d96c3c11fc033799147ddb53375db168dc4Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.
6438dccbbad93fb63c20daae54da39a23d83c331dd646da101db534c1d021466Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.
2cf13565c4553f4360f8a93a282b82bbdd945f46fb26b822c659e837a4d9ca2a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed