SCIENTIFIC-LINUX-ERRATA Archives

December 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 21 Dec 2015 23:14:33 +0000
Synopsis:          Low: grep security and bug fix update
Advisory ID:       SLSA-2015:2111-7
Issue Date:        2015-11-19
CVE Numbers:       CVE-2015-1345
--

A heap-based buffer overflow flaw was found in the way grep processed
certain pattern and text combinations. An attacker able to trick a user
into running grep on specially crafted input could use this flaw to crash
grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

This update also fixes the following bugs:

* Prior to this update, the \w and \W symbols were inconsistently matched
to the [:alnum:] character class. Consequently, using regular expressions
with "\w" and "\W" could lead to incorrect results. With this update, "\w"
is consistently matched to the [_[:alnum:]] character class, and "\W" is
consistently matched to the [^_[:alnum:]] character class.

* Previously, the Perl Compatible Regular Expression (PCRE) matcher
(selected by the "-P" parameter in grep) did not work correctly when
matching non-UTF-8 text in UTF-8 locales. Consequently, an error message
about invalid UTF-8 byte sequence characters was returned. To fix this
bug, patches from upstream have been applied to the grep utility. As a
result, PCRE now skips non-UTF-8 characters as non-matching text without
returning any error message.
--

SL7
  x86_64
    grep-2.20-2.el7.x86_64.rpm
    grep-debuginfo-2.20-2.el7.x86_64.rpm

- Scientific Linux Development Team
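
A post-update check for the "\w" / "\W" fix described above. This is an added example, not part of the original advisory or of the grep package. The function names and the sample text are constructed for illustration, and it assumes a grep that supports -o.

```shell
#!/bin/sh
# Confirms that the installed grep treats \w as [_[:alnum:]] and
# \W as [^_[:alnum:]], the behaviour the advisory says the update enforces.

# Constructed sample: letters, digits, underscores, punctuation, whitespace.
sample_text() {
    printf '%s\n' 'foo_bar baz-42' 'a.b_c:D9' '__init__ (x) = y!' 'tab_sep	end'
}

# same_matches [GREP_OPTION] PATTERN_A PATTERN_B
# Succeeds when both patterns select exactly the same sequence of matches.
# LC_ALL=C keeps the result independent of which locales are installed.
same_matches() {
    opt=
    if [ "$#" -eq 3 ]; then opt=$1; shift; fi
    a=$(sample_text | LC_ALL=C grep -o $opt -- "$1")
    b=$(sample_text | LC_ALL=C grep -o $opt -- "$2")
    [ "$a" = "$b" ]
}

# check_word_classes: returns 0 when \w and \W agree with the bracket
# expressions named in the advisory, for single characters and for runs.
check_word_classes() {
    status=0
    same_matches '\w' '[_[:alnum:]]' || {
        printf '%s\n' 'MISMATCH: \w differs from [_[:alnum:]]'; status=1; }
    same_matches '\W' '[^_[:alnum:]]' || {
        printf '%s\n' 'MISMATCH: \W differs from [^_[:alnum:]]'; status=1; }
    same_matches -E '\w+' '[_[:alnum:]]+' || {
        printf '%s\n' 'MISMATCH: \w+ differs from [_[:alnum:]]+'; status=1; }
    same_matches -E '\W+' '[^_[:alnum:]]+' || {
        printf '%s\n' 'MISMATCH: \W+ differs from [^_[:alnum:]]+'; status=1; }
    return "$status"
}

if check_word_classes; then
    printf '%s\n' 'grep: \w and \W match the documented character classes'
fi
```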
