ELA-816-1 pcre2 security update
Package : pcre2
Version : 10.22-3+deb9u1 (stretch)
Related CVEs :
Multiple out-of-bounds read vulnerabilities were found in pcre2, a Perl
Compatible Regular Expression library, which could result in information
disclosure or denial of service.
An out-of-bounds read vulnerability was discovered in the PCRE2 library
in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c
file. This involves a Unicode property matching issue in JIT-compiled
regular expressions. The issue occurs because the character was not
fully read in case-less matching within JIT.
Additionally, this upload also fixes a subject buffer overread in JIT
when UTF is disabled and \X or \R has a greater than 1 fixed quantifier.
This issue was found by Yunho Kim.
A pcre2 security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple out-of-bounds read vulnerabilities.