Описание
Security update for pcre
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest
libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest
libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest
libpcre1-8.45-8.7.1
HPE Helion OpenStack 8
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
Image SLES12-SP4-Azure-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP4-EC2-HVM-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP4-GCE-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP4-SAP-Azure
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-Azure-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-EC2-HVM
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-GCE
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP4-SAP-GCE-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-Azure-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-Azure-HPC-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-Azure-SAP-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-EC2-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-EC2-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-EC2-SAP-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-GCE-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP5-GCE-On-Demand
libpcre1-8.45-8.7.1
Image SLES12-SP5-GCE-SAP-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpcre1-8.45-8.7.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpcre1-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
SUSE Linux Enterprise High Availability Extension 12 SP3
libpcreposix0-8.45-8.7.1
SUSE Linux Enterprise High Availability Extension 12 SP4
libpcreposix0-8.45-8.7.1
SUSE Linux Enterprise High Availability Extension 12 SP5
libpcreposix0-8.45-8.7.1
SUSE Linux Enterprise Server 12 SP2-BCL
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server 12 SP3-BCL
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server 12 SP3-LTSS
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server 12 SP4-LTSS
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server 12 SP5
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
pcre-devel-static-8.45-8.7.1
pcre-tools-8.45-8.7.1
selinux-policy-devel-20140730-36.5.2
SUSE Linux Enterprise Workstation Extension 12 SP5
libpcrecpp0-8.45-8.7.1
libpcrecpp0-32bit-8.45-8.7.1
SUSE OpenStack Cloud 8
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE OpenStack Cloud 9
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE OpenStack Cloud Crowbar 8
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
SUSE OpenStack Cloud Crowbar 9
libpcre1-8.45-8.7.1
libpcre1-32bit-8.45-8.7.1
libpcre16-0-8.45-8.7.1
libpcrecpp0-8.45-8.7.1
libpcreposix0-8.45-8.7.1
pcre-devel-8.45-8.7.1
selinux-policy-20140730-36.5.2
selinux-policy-devel-20140730-36.5.2
selinux-policy-minimum-20140730-36.5.2
Ссылки
- Link for SUSE-SU-2021:3652-1
- E-Mail link for SUSE-SU-2021:3652-1
- SUSE Security Ratings
- SUSE Bug 1025709
- SUSE Bug 1030066
- SUSE Bug 1030803
- SUSE Bug 1030805
- SUSE Bug 1030807
- SUSE Bug 1172973
- SUSE Bug 1172974
- SUSE CVE CVE-2017-6004 page
- SUSE CVE CVE-2017-7186 page
- SUSE CVE CVE-2017-7244 page
- SUSE CVE CVE-2017-7245 page
- SUSE CVE CVE-2017-7246 page
- SUSE CVE CVE-2019-20838 page
- SUSE CVE CVE-2020-14155 page
Описание
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2017-6004
- SUSE Bug 1025709
- SUSE Bug 1191803
- SUSE Bug 1193384
Описание
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2017-7186
- SUSE Bug 1030066
- SUSE Bug 1037164
Описание
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2017-7244
- SUSE Bug 1030807
Описание
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2017-7245
- SUSE Bug 1030805
Описание
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2017-7246
- SUSE Bug 1030803
- SUSE Bug 1030805
Описание
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2019-20838
- SUSE Bug 1172973
- SUSE Bug 1189526
- SUSE Bug 1193384
Описание
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp3:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp4:latest:libpcre1-8.45-8.7.1
Container suse/sles12sp5:latest:libpcre1-8.45-8.7.1
Ссылки
- CVE-2020-14155
- SUSE Bug 1172974