[Bug 1549609] Re: Stack Corruption in PCRE 8.35
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Mar 30 11:55:06 UTC 2016
These should now be fixed by the following update:
http://www.ubuntu.com/usn/usn-2943-1/
** Changed in: pcre3 (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1549609
Title:
Stack Corruption in PCRE 8.35
Status in pcre3 package in Ubuntu:
Fix Released
Bug description:
Various security issues have been fixed in PCRE since 8.35. Here is
an example of using a malicious pattern within the Ubuntu PHP5 package
that leads to stack corruption:
php5 -r 'preg_match("/(?(1)(()(?1)1)+)/","abcdef", $matches,
PREG_OFFSET_CAPTURE);'
Loading
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
with the upgrade-pcre.php script resolves this issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1549609/+subscriptions
More information about the foundations-bugs
mailing list