USN-581-1: PCRE vulnerability


 
Posted: 02-21-2008

Referenced CVEs:
CVE-2008-0674


Description:
===========================================================
Ubuntu Security Notice USN-581-1          February 21, 2008
pcre3 vulnerability
CVE-2008-0674
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpcre3                        7.4-0ubuntu0.6.06.2

Ubuntu 6.10:
  libpcre3                        7.4-0ubuntu0.6.10.2

Ubuntu 7.04:
  libpcre3                        7.4-0ubuntu0.7.04.2

Ubuntu 7.10:
  libpcre3                        7.4-0ubuntu0.7.10.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences. In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system in processing a malicious regular expression leading to a denial
of service or possibly arbitrary code execution.





PCRE_GET_SUBSTRING(3)					     Library Functions Manual					     PCRE_GET_SUBSTRING(3)

NAME
       PCRE - Perl-compatible regular expressions

SYNOPSIS
       #include <pcre.h>

       int pcre_get_substring(const char *subject, int *ovector,
            int stringcount, int stringnumber,
            const char **stringptr);

       int pcre16_get_substring(PCRE_SPTR16 subject, int *ovector,
            int stringcount, int stringnumber,
            PCRE_SPTR16 *stringptr);

       int pcre32_get_substring(PCRE_SPTR32 subject, int *ovector,
            int stringcount, int stringnumber,
            PCRE_SPTR32 *stringptr);

DESCRIPTION
       This is a convenience function for extracting a captured substring.
       The arguments are:

         subject       Subject that has been successfully matched
         ovector       Offset vector that pcre[16|32]_exec() used
         stringcount   Value returned by pcre[16|32]_exec()
         stringnumber  Number of the required substring
         stringptr     Where to put the string pointer

       The memory in which the substring is placed is obtained by calling
       pcre[16|32]_malloc(). The convenience function
       pcre[16|32]_free_substring() can be used to free it when it is no
       longer needed. The yield of the function is the length of the
       substring, PCRE_ERROR_NOMEMORY if sufficient memory could not be
       obtained, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.

       There is a complete description of the PCRE native API in the pcreapi
       page and a description of the POSIX API in the pcreposix page.

PCRE 8.30                        24 June 2012                        PCRE_GET_SUBSTRING(3)