SUSE-SU-2022:3327-1

Published: 21 Sep 2022
Source: suse-cvrf

Description

Security update for oniguruma

This update for oniguruma fixes the following issues:

  • CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805).
  • CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569).
  • CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550).
  • CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130).
  • CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
  • CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847).

Package list

Container bci/php-apache:8
libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest
libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8
libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest
libonig4-6.7.0-150000.3.3.1
Container bci/php:8
libonig4-6.7.0-150000.3.3.1
Container bci/php:latest
libonig4-6.7.0-150000.3.3.1
Container rancher/elemental-channel:latest
libonig4-6.7.0-150000.3.3.1
Container rancher/elemental-rt-channel:latest
libonig4-6.7.0-150000.3.3.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libonig4-6.7.0-150000.3.3.1
Container suse/sle-micro-rancher/5.2:latest
libonig4-6.7.0-150000.3.3.1
Container suse/sle-micro-rancher/5.3:latest
libonig4-6.7.0-150000.3.3.1
Container suse/sle-micro-rancher/5.4:latest
libonig4-6.7.0-150000.3.3.1
Container suse/sle-micro/5.5:latest
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP3-CHOST-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP3-CHOST-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP3-CHOST-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAP
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAP-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAP-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAP-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAPCAL
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAPCAL-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAPCAL-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP4-SAPCAL-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-GDC
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-HPC-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-HPC-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Hardened-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-Micro-5-5-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAP-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAP-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAP-Hardened-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAPCAL-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAPCAL-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP5-SAPCAL-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-GDC
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-HPC-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-HPC-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-Hardened-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-Hardened-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-BYOS
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAP-Hardened-GCE
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAPCAL
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAPCAL-Azure
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAPCAL-EC2
libonig4-6.7.0-150000.3.3.1
Image SLES15-SP6-SAPCAL-GCE
libonig4-6.7.0-150000.3.3.1
SUSE Enterprise Storage 6
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Enterprise Storage 7
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Micro 5.1
libonig4-6.7.0-150000.3.3.1
SUSE Linux Enterprise Micro 5.2
libonig4-6.7.0-150000.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP1-BCL
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP2-BCL
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Manager Proxy 4.1
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Manager Retail Branch Server 4.1
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
SUSE Manager Server 4.1
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
openSUSE Leap 15.3
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
openSUSE Leap 15.4
libonig4-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
openSUSE Leap Micro 5.2
libonig4-6.7.0-150000.3.3.1

Description

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

Description

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

Description

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

Description

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

Description

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none.


Affected products
Container bci/php-apache:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-apache:latest:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:8:libonig4-6.7.0-150000.3.3.1
Container bci/php-fpm:latest:libonig4-6.7.0-150000.3.3.1

References
Vulnerability SUSE-SU-2022:3327-1