Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32379
HistoryAug 02, 2015 - 12:00 a.m.

[USN-2694-1] PCRE vulnerabilities

2015-08-0200:00:00
vulners.com
50
JSON

==========================================================================
Ubuntu Security Notice USN-2694-1
July 29, 2015

pcre3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

PCRE could be made to crash or run programs if it processed a
specially-crafted regular expression.

Software Description:

  • pcre3: Perl 5 Compatible Regular Expression Library

Details:

Michele Spagnuolo discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause applications
using PCRE to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)

Kai Lu discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause applications
using PCRE to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04.
(CVE-2015-2325, CVE-2015-2326)

Wen Guanxing discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause applications
using PCRE to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)

It was discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause applications
using PCRE to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS.
(CVE-2015-5073)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
libpcre3 2:8.35-3.3ubuntu1.1

Ubuntu 14.04 LTS:
libpcre3 1:8.31-2ubuntu2.1

Ubuntu 12.04 LTS:
libpcre3 8.12-4ubuntu0.1

After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-2694-1
CVE-2014-8964, CVE-2015-2325, CVE-2015-2326, CVE-2015-3210,
CVE-2015-5073

Package Information:
https://launchpad.net/ubuntu/+source/pcre3/2:8.35-3.3ubuntu1.1
https://launchpad.net/ubuntu/+source/pcre3/1:8.31-2ubuntu2.1
https://launchpad.net/ubuntu/+source/pcre3/8.12-4ubuntu0.1

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

nessus 61
openvas 28
ubuntu 2
securityvulns 3
ubuntucve 8
fedora 11
freebsd 3
archlinux 4
amazon 7
redhat 2
debiancve 5
prion 5
cve 5
oraclelinux 2
mariadbunix 3
mageia 2
centos 2
f5 8
slackware 3
veracode 25
openwrt 1
suse 2
ibm 3
gentoo 1
rosalinux 1
n0where 1
kitploit 1
nessus
nessus
Ubuntu 14.04 LTS : PCRE vulnerabilities (USN-2694-1)
2015-07-30 00:00:00
openSUSE Security Update : pcre (openSUSE-2015-353)
2015-05-13 00:00:00
FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)
2015-05-26 00:00:00
openvas
openvas
Ubuntu Update for pcre3 USN-2694-1
2015-07-30 00:00:00
Fedora Update for pcre FEDORA-2015-11019
2015-07-18 00:00:00
Fedora Update for pcre FEDORA-2015-11027
2015-07-14 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PCRE vulnerabilities
2016-03-29 00:00:00
securityvulns
securityvulns
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
[ MDVSA-2015:002 ] pcre
2015-01-13 00:00:00
PCRE buffer overflow
2015-01-13 00:00:00
ubuntucve
ubuntucve
CVE-2015-5073
2015-06-26 00:00:00
CVE-2015-2325
2015-04-01 00:00:00
CVE-2015-2326
2015-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: pcre-8.35-12.fc21
2015-07-18 02:05:10
[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22
2015-08-13 16:57:41
[SECURITY] Fedora 22 Update: pcre-8.37-2.fc22
2015-07-13 19:13:55
freebsd
freebsd
pcre -- multiple vulnerabilities
2015-04-28 00:00:00
pcre -- Heap Overflow Vulnerability in find_fixedlength()
2015-06-23 00:00:00
pcre -- multiple vulnerabilities
2015-05-29 00:00:00
archlinux
archlinux
mariadb-clients: denial of service
2015-05-08 00:00:00
pcre: heap buffer overflow
2014-11-26 00:00:00
pcre: buffer overflow
2015-06-05 00:00:00
amazon
amazon
Low: pcre
2015-05-27 14:03:00
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
redhat
redhat
(RHSA-2015:0330) Low: pcre security and enhancement update
2015-03-05 00:00:00
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
debiancve
debiancve
CVE-2014-8964
2014-12-16 18:59:00
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
prion
prion
Heap overflow
2014-12-16 18:59:00
Out-of-bounds
2020-01-14 17:15:00
Out-of-bounds
2020-01-14 17:15:00
cve
cve
CVE-2014-8964
2014-12-16 18:59:00
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
oraclelinux
oraclelinux
pcre security and enhancement update
2015-03-09 00:00:00
pcre security update
2016-05-11 00:00:00
mariadbunix
mariadbunix
CVE-2014-8964
2014-12-16 18:59:00
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
mageia
mageia
Updated pcre packages fix security vulnerability
2014-12-19 18:06:35
Updated pcre package fixes security vulnerability
2015-07-05 20:22:03
centos
centos
pcre security update
2015-03-17 13:29:30
pcre security update
2016-05-13 00:44:08
f5
f5
SOL16983 - PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
K16983 : PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
SOL17235 - PCRE library vulnerability CVE-2015-3210
2015-09-08 00:00:00
slackware
slackware
[slackware-security] pcre
2015-11-25 07:21:21
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-07-17 20:25:21
veracode
veracode
Arbitrary Code Execution
2019-05-02 06:02:14
Denial Of Service (DoS)
2019-05-02 05:34:18
Arbitrary Code Execution
2019-01-15 09:11:36
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
suse
suse
Security update for mariadb (important)
2015-07-21 16:08:23
Security update for MariaDB (important)
2015-07-09 17:08:05
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM
2018-06-18 01:32:32
Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition.
2018-06-17 15:15:49
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
JSON
Related for SECURITYVULNS:DOC:32379
nessus61openvas28ubuntu2securityvulns3ubuntucve8fedora11freebsd3archlinux4amazon7redhat2debiancve5prion5cve5oraclelinux2mariadbunix3mageia2centos2f58slackware3veracode25openwrt1suse2ibm3gentoo1rosalinux1n0where1kitploit1