{"id":"MGASA-2016-0204","summary":"Updated pcre packages fix security vulnerabilities","details":"Updated pcre packages fix security vulnerabilities:\n\nThe pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles a\nparicular pattern and related patterns with named subgroups, which allows\nremote attackers to cause a denial of service (heap-based buffer overflow)\nor possibly have unspecified other impact via a crafted regular expression\n(CVE-2016-1283).\n\nThe compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 \nmishandles patterns containing an (*ACCEPT) substring in conjunction with\nnested parentheses, which allows remote attackers to execute arbitrary\ncode or cause a denial of service (stack-based buffer overflow) via a\ncrafted regular expression (CVE-2016-3191).\n\nThe pcre package has been updated to the latest CVS as of May 21, 2016,\naka 8.39-RC1, which fixes these issues, as well as several other bugs,\nand possible security issues.\n","modified":"2026-04-16T01:45:27.720517621Z","published":"2016-05-23T22:00:58Z","upstream":["CVE-2016-1283","CVE-2016-3191"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0204.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17438"},{"type":"WEB","url":"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1649&view=markup"}],"affected":[{"package":{"name":"pcre","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pcre?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.38-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0204.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}