openSUSE Security Update: Security update for pcre2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2035-1
Rating:             low
References:         #971741
Cross-References:   CVE-2016-3191
Affected Products:  openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pcre2 fixes the following issues:
- pcre2 10.22:
  * The POSIX wrapper function regcomp() previously did not support back references and subroutine calls if called with the REG_NOSUB option. It now does.
  * A new function, pcre2_code_copy(), is added, to make a copy of a compiled pattern.
  * Support for string callouts is added to pcre2grep.
  * Added the PCRE2_NO_JIT option to pcre2_match().
  * The pcre2_get_error_message() function now returns with a negative error code if the error number it is given is unknown.
  * Several updates have been made to pcre2test and test scripts.
  * Fix CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741)
- Update to new upstream release 10.21
  * Improve JIT matching speed of patterns starting with + or *.
  * Use memchr() to find the first character in an unanchored match in 8-bit mode in the interpreter. This gives a significant speed improvement.
  * 10.20 broke the handling of [[:>:]] and [[:<:]] in that processing them could involve a buffer overflow if the following character was an opening parenthesis.
  * 10.20 also introduced a bug in processing this pattern: /((?x)(*:0))#(?'/, which was fixed.
  * A callout with a string argument containing an opening square bracket, for example /(?C$[$)(?<]/, was incorrectly processed and could provoke a buffer overflow.
  * A possessively repeated conditional group that could match an empty string, for example, /(?(R))*+/, was incorrectly compiled.
  * The Unicode tables have been updated to Unicode 8.0.0.
  * An empty comment (?#) in a pattern was incorrectly processed and could provoke a buffer overflow.
  * Fix infinite recursion in the JIT compiler when certain patterns such as /(?:|a|){100}x/ are analysed.
  * Some patterns with character classes involving [: and \ were incorrectly compiled and could cause reading from uninitialized memory or an incorrect error diagnosis. Examples are: /[[:\](?<[::]/ and /[[:\](?'abc')[a:].
  * A missing closing parenthesis for a callout with a string argument was not being diagnosed, possibly leading to a buffer overflow.
  * If (?R was followed by - or +, incorrect behaviour happened instead of a diagnostic.
  * Fixed an issue when \p{Any} inside an xclass did not read the current character.
  * About 80 more fixes, which you can read about in the ChangeLog shipped with the libpcre2-8-0 package.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-966=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
      libpcre2-16-0-10.22-7.1
      libpcre2-16-0-debuginfo-10.22-7.1
      libpcre2-32-0-10.22-7.1
      libpcre2-32-0-debuginfo-10.22-7.1
      libpcre2-8-0-10.22-7.1
      libpcre2-8-0-debuginfo-10.22-7.1
      libpcre2-posix1-10.22-7.1
      libpcre2-posix1-debuginfo-10.22-7.1
      pcre2-debugsource-10.22-7.1
      pcre2-devel-10.22-7.1
      pcre2-devel-static-10.22-7.1
      pcre2-tools-10.22-7.1
      pcre2-tools-debuginfo-10.22-7.1
- openSUSE Leap 42.1 (x86_64):
      libpcre2-16-0-32bit-10.22-7.1
      libpcre2-16-0-debuginfo-32bit-10.22-7.1
      libpcre2-32-0-32bit-10.22-7.1
      libpcre2-32-0-debuginfo-32bit-10.22-7.1
      libpcre2-8-0-32bit-10.22-7.1
      libpcre2-8-0-debuginfo-32bit-10.22-7.1
      libpcre2-posix1-32bit-10.22-7.1
      libpcre2-posix1-debuginfo-32bit-10.22-7.1
- openSUSE Leap 42.1 (noarch):
pcre2-doc-10.22-7.1
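
A post-patch check for the package list above, added here as an example and not part of the original announcement: it flags any installed pcre2 package on openSUSE Leap 42.1 whose version-release is below 10.22-7.1. The function names are hypothetical, and GNU `sort -V` is used as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory). Fixed version-release taken from
# the advisory's package list for openSUSE Leap 42.1.
FIXED="10.22-7.1"

# ver_ge A B: succeeds if version-release A >= B.
# Assumption: GNU "sort -V" ordering is close enough to rpm's comparison
# for plain numeric version-release strings such as 10.22-7.1.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_packages: reads "name version-release" lines on stdin, prints every
# pcre2 package still below FIXED, and returns 1 if it found any.
check_packages() {
    status=0
    while read -r name vr; do
        case "$name" in
            libpcre2-*|pcre2-*) ;;   # package names used in the advisory
            *) continue ;;           # unrelated packages are ignored
        esac
        if ! ver_ge "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (< $FIXED)"
            status=1
        fi
    done
    return $status
}

# On a host with rpm, feed the real package database to the check.
if command -v rpm >/dev/null 2>&1; then
    if rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_packages; then
        echo "all installed pcre2 packages are at or above $FIXED"
    fi
fi
```

A non-zero return from `check_packages` means at least one library is still at a pre-update build; processes that loaded the old library before the update also need a restart to pick up the fix.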
References:
   https://www.suse.com/security/cve/CVE-2016-3191.html
   https://bugzilla.suse.com/971741