Red Hat Bugzilla – Bug 392911
CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization
Last modified: 2008-03-06 11:36:53 EST
"Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library
before 7.3 allows context-dependent attackers to execute arbitrary code via a
singleton Unicode sequence in a character class in a regex pattern, which is
F7 ships pcre 7.0.
pcre-7.3-3.fc7 has been submitted as an update for Fedora 7
pcre-7.3-3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update pcre'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-1842
pcre-7.3-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.