SB2016051114 - Red Hat Enterprise Linux 7 update for pcre

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Data Handling (CVE-ID: CVE-2015-2328)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to PCRE mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion. A remote attacker can cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression.

2) Stack-based buffer overflow (CVE-ID: CVE-2015-3217)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Heap-based buffer overflow (CVE-ID: CVE-2015-5073)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38. A remote attacker can use a crafted regular expression with an excess closing parenthesis. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Buffer overflow (CVE-ID: CVE-2015-8385)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles the /(?|(k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references. A remote attacker can create a specially crafted Office document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

5) Buffer overflow (CVE-ID: CVE-2015-8386)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing regular expressions. A remote attacker can trigger memory corruption using a JavaScript RegExp object and execute arbitrary code on the target system.

6) Buffer overflow (CVE-ID: CVE-2015-8388)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis. A remote attacker can cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

7) Buffer overflow (CVE-ID: CVE-2015-8391)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due pcre_compile function in pcre_compile.c in PCRE mishandles certain [: nesting. A remote attacker can cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression.

8) Stack-based buffer overflow (CVE-ID: CVE-2016-3191)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring when processing a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2016:1025