Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-624-1: PCRE vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-624-1: PCRE vulnerability
# 1  
Old 07-14-2008
USN-624-1: PCRE vulnerability
Referenced CVEs:
CVE-2008-2371


Description:
=========================================================== Ubuntu Security Notice USN-624-1 July 15, 2008 pcre3 vulnerability CVE-2008-2371 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.3 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.3 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.3 Ubuntu 8.04 LTS: libpcre3 7.4-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pcre16_get_substring

PCRE_GET_SUBSTRING(3)					     Library Functions Manual					     PCRE_GET_SUBSTRING(3)

NAME

       PCRE - Perl-compatible regular expressions

SYNOPSIS


       #include <pcre.h>

       int pcre_get_substring(const char *subject, int *ovector,
	    int stringcount, int stringnumber,
	    const char **stringptr);

       int pcre16_get_substring(PCRE_SPTR16 subject, int *ovector,
	    int stringcount, int stringnumber,
	    PCRE_SPTR16 *stringptr);

       int pcre32_get_substring(PCRE_SPTR32 subject, int *ovector,
	    int stringcount, int stringnumber,
	    PCRE_SPTR32 *stringptr);

DESCRIPTION


       This is a convenience function for extracting a captured substring. The arguments are:

	 subject       Subject that has been successfully matched
	 ovector       Offset vector that pcre[16|32]_exec() used
	 stringcount   Value returned by pcre[16|32]_exec()
	 stringnumber  Number of the required substring
	 stringptr     Where to put the string pointer

       The  memory  in	which  the substring is placed is obtained by calling pcre[16|32]_malloc(). The convenience function pcre[16|32]_free_sub-
       string() can be used to free it when it is no longer needed. The yield of the function is the length of the substring,  PCRE_ERROR_NOMEMORY
       if sufficient memory could not be obtained, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.

       There is a complete description of the PCRE native API in the pcreapi page and a description of the POSIX API in the pcreposix page.

PCRE 8.30							   24 June 2012 					     PCRE_GET_SUBSTRING(3)