Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-581-1: PCRE vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-581-1: PCRE vulnerability
# 1  
Old 02-21-2008
USN-581-1: PCRE vulnerability
Referenced CVEs:
CVE-2008-0674


Description:
=========================================================== Ubuntu Security Notice USN-581-1 February 21, 2008pcre3 vulnerabilityCVE-2008-0674===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.2Ubuntu 6.10: libpcre3 7.4-0ubuntu0.6.10.2Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.2Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.2After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that PCRE did not correctly handle very long stringscontaining UTF8 sequences. In certain situations, an attacker couldexploit applications linked against PCRE by tricking a user or automatedsystem in processing a malicious regular expression leading to a denialof service or possibly arbitrary code execution.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pcre32_get_substring_list

PCRE_GET_SUBSTRING_LIST(3)				     Library Functions Manual					PCRE_GET_SUBSTRING_LIST(3)

NAME

       PCRE - Perl-compatible regular expressions

SYNOPSIS


       #include <pcre.h>

       int pcre_get_substring_list(const char *subject,
	    int *ovector, int stringcount, const char ***listptr);

       int pcre16_get_substring_list(PCRE_SPTR16 subject,
	    int *ovector, int stringcount, PCRE_SPTR16 **listptr);

       int pcre32_get_substring_list(PCRE_SPTR32 subject,
	    int *ovector, int stringcount, PCRE_SPTR32 **listptr);

DESCRIPTION


       This is a convenience function for extracting a list of all the captured substrings. The arguments are:

	 subject       Subject that has been successfully matched
	 ovector       Offset vector that pcre[16|32]_exec used
	 stringcount   Value returned by pcre[16|32]_exec
	 listptr       Where to put a pointer to the list

       The  memory  in	which  the  substrings	and  the  list	are  placed  is obtained by calling pcre[16|32]_malloc(). The convenience function
       pcre[16|32]_free_substring_list() can be used to free it when it is no longer needed. A pointer to a list of pointers is put in	the  vari-
       able  whose  address  is  in  listptr.  The  list  is  terminated  by  a  NULL  pointer.  The  yield  of the function is zero on success or
       PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained.

       There is a complete description of the PCRE native API in the pcreapi page and a description of the POSIX API in the pcreposix page.

PCRE 8.30							   24 June 2012 					PCRE_GET_SUBSTRING_LIST(3)