A flaw was found in the PCRE library: PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. Upstream issue: http://bugs.exim.org/show_bug.cgi?id=1592 Upstream patch: http://vcs.pcre.org/pcre?revision=1529&view=revision Statement: This issue did not affect the versions of pcre as shipped with Red Hat Enterprise Linux 5, 6, and 7.
8.34 seems to be the first affected upstream version.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html