[SECURITY] [DLA 441-1] pcre3 security update

2016-02-29T13:39:47
ID DEBIAN:DLA-441-1:5EE69
Type debian
Reporter Debian
Modified 2016-02-29T13:39:47

Description

Package    : pcre3
Version    : 8.02-1.1+deb6u1
Debian Bug : 815921

HP's Zero Day Initiative has identified a vulnerability affecting the pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has not been assigned yet.

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability.

PCRE did not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

For Debian 6 "Squeeze", these problems have been fixed in version 8.02-1.1+deb6u1.

We recommend that you upgrade your pcre3 packages.