Joined: 12 May 2004
|Posted: Tue Jul 11, 2017 8:26 am Post subject: [ GLSA 201706-11 ] PCRE library
|Gentoo Linux Security Advisory
Title: PCRE library: Denial of Service (GLSA 201706-11)
A vulnerability in PCRE library allows remote attackers to cause a
Denial of Service condition.
PCRE library is a set of functions that implement regular expression
pattern matching using the same syntax and semantics as Perl 5.
Vulnerable: < 8.40-r1
Unaffected: >= 8.40-r1
Architectures: All supported architectures
It was found that the compile_bracket_matchingpath function in
pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds
A remote attacker could possibly cause a Denial of Service condition via
a special crafted regular expression.
There is no known workaround at this time.
All PCRE library users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.40-r1"