libpcre: Multiple Vulnerabilities — GLSA 201607-02

Multiple vulnerabilities have been found in libpcre, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Affected packages

Package	dev-libs/libpcre on all architectures
Affected versions	< 8.38-r1
Unaffected versions	>= 8.38-r1

Background

libpcre is a library providing functions for Perl-compatible regular expressions.

Description

Multiple vulnerabilities have been discovered in libpcre. Please review the CVE identifiers referenced below for details.

Impact

An attacker can possibly execute arbitrary code or create a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libpcre users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.38-r1"

References

CVE-2014-8964
CVE-2014-8964
CVE-2015-5073
CVE-2015-5073
CVE-2015-5073
CVE-2015-8380
CVE-2015-8381
CVE-2015-8383
CVE-2015-8384
CVE-2015-8385
CVE-2015-8386
CVE-2015-8387
CVE-2015-8388
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8392
CVE-2015-8393
CVE-2015-8394
CVE-2015-8395
CVE-2016-1283
CVE-2016-1283

Release date
July 09, 2016

Latest revision
July 09, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries

529952
551240
553300
570694
575546