Page MenuHomeVyOS Platform

pin OCaml pcre package to avoid JIT support
Closed, ResolvedPublic

Description

The most recent commit to pcre-ocaml added support for JIT-compilation of patterns; this results in an mmap'd region with PROT_WRITE | PROT_EXEC, which will raise concerns by, say, grsec. As we have no need for this feature, nor is it used by the pcre package other than a default initialization, we will pin to the commit preceding the last.

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Security vulnerability

Related Objects

Mentioned In
1.3.3