RHBA-2015:2142

Affecting pcre package, versions <0:8.32-15.el7

medium severity

Overview

PCRE is a Perl-compatible regular expression library.

This update fixes the following bugs:

* Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by PCRE, causing the library to incorrectly match some groups. With this update, non-matched groups within capturing groups up to a forced match are properly marked as non-matching. (BZ#1161597)

* Compiling zero-repeated groups with recursive back references no longer causes PCRE to crash. (BZ#1119356)

* A bug in PCRE was causing it to match the wrong substring in regular expressions with empty-matching possessive zero-repeat groups. This problem has been fixed and matching these groups now behaves as expected. (BZ#1119320)

* PCRE previously did not correctly evaluate regular expressions with literal quotations inside a character class. For example, the expression "/[\Qa]\E]+/" was not matching the string "a", although it should. The problem has been fixed and regular expressions with literal quotations inside a character class are now evaluated correctly. (BZ#1111091)

* An error in first character optimization was causing PCRE to incorrectly evaluate regular expressions where a start-anchored character with more than one case follows a circumflex in multi-line UTF-8 mode. This update resolves the problem and PCRE now properly evaluates these regular expressions. (BZ#1110621)

* Linking an application to the static PCRE library using the libpcre module for pkg-config was failing due to missing pthread symbols. The pkg-config modules for PCRE libraries have been updated to declare private libraries properly, and the "pkg-config --static --libs libpcre" command can now be used to link the static pcre library to an application. (BZ#1217111)

* The pcredemo.c file, which is described in the pcresample(3) man page as containing code examples for PCRE, was missing from the pcre-devel package. The example file has been added to the pcre-devel package and can now be found in the /usr/share/doc/pcre-devel-8.32/ directory. (BZ#1217118)

Users of pcre are advised to upgrade to these updated packages, which fix these bugs.
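To check a host inventory against the affected range stated above (pcre before 0:8.32-15.el7), the following added example compares installed package versions with the first fixed build. It is not code from the advisory or from the pcre project; the function names are hypothetical, the sample inventory is constructed, and the comparison is a simplified form of rpm's segment ordering without tilde or caret handling.

```python
import re

FIXED_EVR = "0:8.32-15.el7"  # first fixed build, taken from the advisory


def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.
    Simplified rpm ordering (assumption: no '~' or '^' in the strings)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with extra segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_evr(a, b):
    """Return -1, 0 or 1 for a older than, equal to, or newer than b."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(installed_evr):
    """True when the installed pcre build predates the fixed build."""
    return compare_evr(installed_evr, FIXED_EVR) < 0


if __name__ == "__main__":
    # Constructed sample inventory: host -> version-release string as
    # printed by: rpm -q --qf '%{VERSION}-%{RELEASE}\n' pcre
    inventory = {"web01": "8.32-12.el7", "web02": "8.32-15.el7",
                 "db01": "8.32-15.el7_2.1", "db02": "0:8.32-14.el7"}
    for host, evr in sorted(inventory.items()):
        print(host, evr, "AFFECTED" if is_affected(evr) else "ok")
```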

References

CVE: RHBA-2015:2142
Snyk ID: SNYK-CENTOS7-PCRE-553226
Published: 25 Feb, 2020