Description
Security update for pcre
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
Package list
openSUSE Leap 15.3
libpcre1-8.45-20.10.1
libpcre1-32bit-8.45-20.10.1
libpcre16-0-8.45-20.10.1
libpcre16-0-32bit-8.45-20.10.1
libpcrecpp0-8.45-20.10.1
libpcrecpp0-32bit-8.45-20.10.1
libpcreposix0-8.45-20.10.1
libpcreposix0-32bit-8.45-20.10.1
pcre-devel-8.45-20.10.1
pcre-devel-static-8.45-20.10.1
pcre-doc-8.45-20.10.1
pcre-tools-8.45-20.10.1
References
- E-Mail link for openSUSE-SU-2021:3529-1
- SUSE Security Ratings
- SUSE Bug 1172973
- SUSE Bug 1172974
- SUSE CVE CVE-2019-20838 page
- SUSE CVE CVE-2020-14155 page
Description
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Affected products
openSUSE Leap 15.3:libpcre1-32bit-8.45-20.10.1
openSUSE Leap 15.3:libpcre1-8.45-20.10.1
openSUSE Leap 15.3:libpcre16-0-32bit-8.45-20.10.1
openSUSE Leap 15.3:libpcre16-0-8.45-20.10.1
References
- CVE-2019-20838
- SUSE Bug 1172973
- SUSE Bug 1189526
- SUSE Bug 1193384
Description
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Affected products
openSUSE Leap 15.3:libpcre1-32bit-8.45-20.10.1
openSUSE Leap 15.3:libpcre1-8.45-20.10.1
openSUSE Leap 15.3:libpcre16-0-32bit-8.45-20.10.1
openSUSE Leap 15.3:libpcre16-0-8.45-20.10.1
References
- CVE-2020-14155
- SUSE Bug 1172974