This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.49.0

@cf-buildpacks-eng cf-buildpacks-eng released this 30 Mar 14:32
· 282 commits to master since this release

Notably, this release addresses USN-2943-1: PCRE vulnerabilities (Ubuntu Security Notice USN-2943-1):

  • CVE-2014-9769: pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open rule set.
  • CVE-2015-2325: heap buffer overflow in compile_branch()
  • CVE-2015-2326: heap buffer overflow in pcre_compile2()
  • CVE-2015-2327: PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-2328: PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex()
  • CVE-2015-5073: Heap Overflow Vulnerability in find_fixedlength()
  • CVE-2015-8380: The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8381: The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8382: The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
  • CVE-2015-8383: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8384: PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
  • CVE-2015-8385: PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8386: PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8387: PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8388: PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8389: PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8390: PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8391: The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8392: PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
  • CVE-2015-8393: pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
  • CVE-2015-8394: PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8395: PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
  • CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2016-3191: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.