SUSE-SU-2022:2649-1

Опубликовано: 03 авг. 2022

Источник: suse-cvrf

Описание

Security update for pcre2

This update for pcre2 fixes the following issues:

CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

Список пакетов

Container bci/bci-init:15.3

libpcre2-8-0-10.31-150000.3.12.1

Container bci/node:12

libpcre2-8-0-10.31-150000.3.12.1

Container bci/python:3

libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/ceph/haproxy:latest

libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/ceph/keepalived:latest

libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/cephcsi/cephcsi:latest

libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/rook/ceph:latest

libpcre2-8-0-10.31-150000.3.12.1

Container suse/sle-micro-rancher/5.2:latest

libpcre2-8-0-10.31-150000.3.12.1

Container trento/trento-db:latest

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP1-SAPCAL-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP1-SAPCAL-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-HPC-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-Azure

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-BYOS-Azure

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-BYOS-GCE

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-EC2-HVM

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP2-SAP-GCE

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-CHOST-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-CHOST-BYOS-EC2

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-CHOST-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-HPC-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-HPC-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAP-BYOS-Azure

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAP-BYOS-GCE

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAPCAL-Azure

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libpcre2-8-0-10.31-150000.3.12.1

Image SLES15-SP3-SAPCAL-GCE

libpcre2-8-0-10.31-150000.3.12.1

SUSE Enterprise Storage 6

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Enterprise Storage 7

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Micro 5.1

libpcre2-8-0-10.31-150000.3.12.1

SUSE Linux Enterprise Micro 5.2

libpcre2-8-0-10.31-150000.3.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server 15 SP1-BCL

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server 15 SP2-BCL

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server 15-LTSS

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server for SAP Applications 15

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Manager Proxy 4.1

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Manager Retail Branch Server 4.1

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

SUSE Manager Server 4.1

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

openSUSE Leap 15.3

libpcre2-16-0-10.31-150000.3.12.1

libpcre2-16-0-32bit-10.31-150000.3.12.1

libpcre2-32-0-10.31-150000.3.12.1

libpcre2-32-0-32bit-10.31-150000.3.12.1

libpcre2-8-0-10.31-150000.3.12.1

libpcre2-8-0-32bit-10.31-150000.3.12.1

libpcre2-posix2-10.31-150000.3.12.1

libpcre2-posix2-32bit-10.31-150000.3.12.1

pcre2-devel-10.31-150000.3.12.1

pcre2-devel-static-10.31-150000.3.12.1

pcre2-doc-10.31-150000.3.12.1

pcre2-tools-10.31-150000.3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222649-1/
Link for SUSE-SU-2022:2649-1
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011755.html
E-Mail link for SUSE-SU-2022:2649-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1164384
SUSE Bug 1164384
https://bugzilla.suse.com/1199235
SUSE Bug 1199235
https://www.suse.com/security/cve/CVE-2019-20454/
SUSE CVE CVE-2019-20454 page
https://www.suse.com/security/cve/CVE-2022-1587/
SUSE CVE CVE-2022-1587 page

Описание

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

Затронутые продукты

Container bci/bci-init:15.3:libpcre2-8-0-10.31-150000.3.12.1

Container bci/node:12:libpcre2-8-0-10.31-150000.3.12.1

Container bci/python:3:libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/ceph/haproxy:latest:libpcre2-8-0-10.31-150000.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-20454.html
CVE-2019-20454
https://bugzilla.suse.com/1164384
SUSE Bug 1164384
https://bugzilla.suse.com/1172973
SUSE Bug 1172973

Описание

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Затронутые продукты

Container bci/bci-init:15.3:libpcre2-8-0-10.31-150000.3.12.1

Container bci/node:12:libpcre2-8-0-10.31-150000.3.12.1

Container bci/python:3:libpcre2-8-0-10.31-150000.3.12.1

Container ses/7.1/ceph/haproxy:latest:libpcre2-8-0-10.31-150000.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-1587.html
CVE-2022-1587
https://bugzilla.suse.com/1199235
SUSE Bug 1199235
https://bugzilla.suse.com/1201754
SUSE Bug 1201754
https://bugzilla.suse.com/1203032
SUSE Bug 1203032