USN-5627-2: PCRE vulnerabilities
22 September 2022
PCRE could be made to expose sensitive information.
Releases
Packages
- pcre2 - Perl 5 Compatible Regular Expression Library
Details
USN-5627-1 fixed several vulnerabilities in PCRE. This update
provides the corresponding fixes for Ubuntu 18.04 ESM.
Original advisory details:
It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly
use this issue to cause applications using PCRE to expose
sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libpcre2-16-0
-
10.31-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
libpcre2-32-0
-
10.31-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
libpcre2-posix0
-
10.31-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
pcre2-utils
-
10.31-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
libpcre2-8-0
-
10.31-2ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.
References
Related notices
- USN-5627-1: libpcre2-16-0, libpcre2-32-0, libpcre2-dev, pcre2, libpcre2-posix2, libpcre2-posix3, pcre2-utils, libpcre2-8-0