Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-624-1: PCRE vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-624-1: PCRE vulnerability
# 1  
Old 07-14-2008
USN-624-1: PCRE vulnerability
Referenced CVEs:
CVE-2008-2371


Description:
=========================================================== Ubuntu Security Notice USN-624-1 July 15, 2008 pcre3 vulnerability CVE-2008-2371 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.3 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.3 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.3 Ubuntu 8.04 LTS: libpcre3 7.4-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pcre_get_named_substring

PCRE_GET_NAMED_SUBSTRING(3)				     Library Functions Manual				       PCRE_GET_NAMED_SUBSTRING(3)

NAME

       PCRE - Perl-compatible regular expressions

SYNOPSIS


       #include <pcre.h>

       int pcre_get_named_substring(const pcre *code,
	    const char *subject, int *ovector,
	    int stringcount, const char *stringname,
	    const char **stringptr);

       int pcre16_get_named_substring(const pcre16 *code,
	    PCRE_SPTR16 subject, int *ovector,
	    int stringcount, PCRE_SPTR16 stringname,
	    PCRE_SPTR16 *stringptr);

       int pcre32_get_named_substring(const pcre32 *code,
	    PCRE_SPTR32 subject, int *ovector,
	    int stringcount, PCRE_SPTR32 stringname,
	    PCRE_SPTR32 *stringptr);

DESCRIPTION


       This is a convenience function for extracting a captured substring by name. The arguments are:

	 code	       Compiled pattern
	 subject       Subject that has been successfully matched
	 ovector       Offset vector that pcre[16|32]_exec() used
	 stringcount   Value returned by pcre[16|32]_exec()
	 stringname    Name of the required substring
	 stringptr     Where to put the string pointer

       The  memory  in	which  the substring is placed is obtained by calling pcre[16|32]_malloc(). The convenience function pcre[16|32]_free_sub-
       string() can be used to free it when it is no longer needed. The  yield	of  the  function  is  the  length  of	the  extracted	substring,
       PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.

       There is a complete description of the PCRE native API in the pcreapi page and a description of the POSIX API in the pcreposix page.

PCRE 8.30							   24 June 2012 				       PCRE_GET_NAMED_SUBSTRING(3)