grep security update

CentOS Errata and Security Advisory CESA-2015:2111

The grep utility searches through textual input for lines that contain a
match to a specified pattern and then prints the matching lines. The GNU
grep utilities include grep, egrep, and fgrep.

A heap-based buffer overflow flaw was found in the way grep processed
certain pattern and text combinations. An attacker able to trick a user
into running grep on specially crafted input could use this flaw to crash
grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

This update also fixes the following bugs:

• Prior to this update, the \w and \W symbols were inconsistently matched
  to the [:alnum:] character class. Consequently, using regular expressions
  with “\w” and “\W” could lead to incorrect results. With this update, “\w”
  is consistently matched to the [[:alnum:]] character, and “\W” is
  consistently matched to the [^[:alnum:]] character. (BZ#1159012)

• Previously, the Perl Compatible Regular Expression (PCRE) matcher
  (selected by the “-P” parameter in grep) did not work correctly when
  matching non-UTF-8 text in UTF-8 locales. Consequently, an error message
  about invalid UTF-8 byte sequence characters was returned. To fix this bug,
  patches from upstream have been applied to the grep utility. As a result,
  PCRE now skips non-UTF-8 characters as non-matching text without returning
  any error message. (BZ#1217080)

All grep users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-November/028560.html

Affected packages:
grep

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2111