USN-2943-1: PCRE vulnerabilities
Ubuntu Security Notice USN-2943-1
29th March, 2016
pcre3 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
PCRE could be made to crash or run programs if it processed a
specially-crafted regular expression.
Software description
- pcre3
– Perl 5 Compatible Regular Expression Library
Details
It was discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause applications
using PCRE to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
libpcre3
2:8.35-7.1ubuntu1.3
- Ubuntu 14.04 LTS:
-
libpcre3
1:8.31-2ubuntu2.2
- Ubuntu 12.04 LTS:
-
libpcre3
8.12-4ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.
References
Source: USN-2943-1: PCRE vulnerabilities