Mailinglist Archive: opensuse-updates (131 mails)

openSUSE-SU-2016:2805-1: moderate: Security update for pcre
openSUSE Security Update: Security update for pcre
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2805-1
Rating: moderate
References: #933288 #933878 #936227 #942865 #957566 #957598
#960837 #971741 #972127
Cross-References: CVE-2015-3210 CVE-2015-3217 CVE-2015-5073
CVE-2015-8380 CVE-2016-1283 CVE-2016-3191

Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves 6 vulnerabilities and has three fixes
is now available.

Description:

This version fixes a number of vulnerabilities that affect pcre and
applications using the library when accepting untrusted input as regular
expressions or as part thereof. Remote attackers could have caused the
application to crash, disclose information or potentially execute
arbitrary code.

- Update to PCRE 8.39 FATE#320298 boo#972127.
- CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex()
  (boo#933288)
- CVE-2015-3217: pcre: PCRE Library Call Stack Overflow Vulnerability in
  match() (boo#933878)
- CVE-2015-5073: pcre: Library Heap Overflow Vulnerability in
  find_fixedlength() (boo#936227)
- boo#942865: heap overflow in compile_regex()
- CVE-2015-8380: pcre: heap overflow in pcre_exec (boo#957566)
- boo#957598: various security issues fixed in pcre 8.37 and 8.38 release
- CVE-2016-1283: pcre: Heap buffer overflow in pcre_compile2 causes DoS
  (boo#960837)
- CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply nested
  parentheses (boo#971741)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1303=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

libpcre1-8.39-3.8.1
libpcre1-debuginfo-8.39-3.8.1
libpcre16-0-8.39-3.8.1
libpcre16-0-debuginfo-8.39-3.8.1
libpcrecpp0-8.39-3.8.1
libpcrecpp0-debuginfo-8.39-3.8.1
libpcreposix0-8.39-3.8.1
libpcreposix0-debuginfo-8.39-3.8.1
pcre-debugsource-8.39-3.8.1
pcre-devel-8.39-3.8.1
pcre-devel-static-8.39-3.8.1
pcre-tools-8.39-3.8.1
pcre-tools-debuginfo-8.39-3.8.1

- openSUSE 13.2 (noarch):

pcre-doc-8.39-3.8.1

- openSUSE 13.2 (x86_64):

libpcre1-32bit-8.39-3.8.1
libpcre1-debuginfo-32bit-8.39-3.8.1
libpcre16-0-32bit-8.39-3.8.1
libpcre16-0-debuginfo-32bit-8.39-3.8.1
libpcrecpp0-32bit-8.39-3.8.1
libpcrecpp0-debuginfo-32bit-8.39-3.8.1
libpcreposix0-32bit-8.39-3.8.1
libpcreposix0-debuginfo-32bit-8.39-3.8.1


References:

https://www.suse.com/security/cve/CVE-2015-3210.html
https://www.suse.com/security/cve/CVE-2015-3217.html
https://www.suse.com/security/cve/CVE-2015-5073.html
https://www.suse.com/security/cve/CVE-2015-8380.html
https://www.suse.com/security/cve/CVE-2016-1283.html
https://www.suse.com/security/cve/CVE-2016-3191.html
https://bugzilla.suse.com/933288
https://bugzilla.suse.com/933878
https://bugzilla.suse.com/936227
https://bugzilla.suse.com/942865
https://bugzilla.suse.com/957566
https://bugzilla.suse.com/957598
https://bugzilla.suse.com/960837
https://bugzilla.suse.com/971741
https://bugzilla.suse.com/972127

