pcre security update

2015-03-17T13:29:30
ID CESA-2015:0330
Type centos
Reporter CentOS Project
Modified 2015-03-17T13:29:30

Description

CentOS Errata and Security Advisory CESA-2015:0330

PCRE is a Perl-compatible regular expression library.

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions. (CVE-2014-8964)

This update also adds the following enhancement:

  • Support for the little-endian variant of IBM Power Systems has been added to the pcre packages. (BZ#1123498, BZ#1125642)

All pcre users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue and add this enhancement.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001738.html

Affected packages: pcre, pcre-devel, pcre-static, pcre-tools

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0330.html