Lucene search

K
centosCentOS ProjectCESA-2016:1025
HistoryMay 13, 2016 - 12:44 a.m.

pcre security update

2016-05-1300:44:08
CentOS Project
lists.centos.org
85

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.116 Low

EPSS

Percentile

95.2%

CentOS Errata and Security Advisory CESA-2016:1025

PCRE is a Perl-compatible regular expression library.

Security Fix(es):

  • Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-May/084045.html

Affected packages:
pcre
pcre-devel
pcre-static
pcre-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1025

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.116 Low

EPSS

Percentile

95.2%

Related for CESA-2016:1025