FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

PCRE development team reports :

A pattern such as '((?2){0,1999}())?', which has a group containing a
forward reference repeated a large (but limited) number of times
within a repeated outer group that has a zero minimum quantifier,
caused incorrect code to be compiled, leading to the error 'internal
error: previously-checked referenced subpattern not found' when an
incorrect memory address was read. This bug was reported as 'heap
overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and
given the CVE number CVE-2015-2325.

A pattern such as '((?+1)(\1))/' containing a forward reference
subroutine call within a group that also contained a recursive back
reference caused incorrect code to be compiled. This bug was reported
as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard
Labs, and given the CVE number CVE-2015-2326.

See also :

http://www.pcre.org/original/changelog.txt
http://www.nessus.org/u?8c3adcda

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83795

Bugtraq ID:

CVE ID: CVE-2015-2325, CVE-2015-2326
