libpcre1-32bit-8.39-2.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10277 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpcre1-32bit-8.39-2.5 on GA media These are all security issues fixed in the libpcre1-32bit-8.39-2.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10277 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-8964/ SUSE CVE CVE-2014-8964 page https://www.suse.com/security/cve/CVE-2015-2325/ SUSE CVE CVE-2015-2325 page https://www.suse.com/security/cve/CVE-2015-2326/ SUSE CVE CVE-2015-2326 page https://www.suse.com/security/cve/CVE-2015-3217/ SUSE CVE CVE-2015-3217 page https://www.suse.com/security/cve/CVE-2016-1283/ SUSE CVE CVE-2016-1283 page https://www.suse.com/security/cve/CVE-2016-3191/ SUSE CVE CVE-2016-3191 page openSUSE Tumbleweed libpcre1-8.39-2.5 libpcre1-32bit-8.39-2.5 libpcre16-0-8.39-2.5 libpcre16-0-32bit-8.39-2.5 libpcrecpp0-8.39-2.5 libpcrecpp0-32bit-8.39-2.5 libpcreposix0-8.39-2.5 libpcreposix0-32bit-8.39-2.5 pcre-devel-8.39-2.5 pcre-devel-static-8.39-2.5 pcre-doc-8.39-2.5 pcre-tools-8.39-2.5 libpcre1-8.39-2.5 as a component of openSUSE Tumbleweed libpcre1-32bit-8.39-2.5 as a component of openSUSE Tumbleweed libpcre16-0-8.39-2.5 as a component of openSUSE Tumbleweed libpcre16-0-32bit-8.39-2.5 as a component of openSUSE Tumbleweed libpcrecpp0-8.39-2.5 as a component of openSUSE Tumbleweed libpcrecpp0-32bit-8.39-2.5 as a component of openSUSE Tumbleweed libpcreposix0-8.39-2.5 as a component of openSUSE Tumbleweed libpcreposix0-32bit-8.39-2.5 as a component of openSUSE Tumbleweed pcre-devel-8.39-2.5 as a component of openSUSE Tumbleweed pcre-devel-static-8.39-2.5 as a component of openSUSE Tumbleweed pcre-doc-8.39-2.5 as a component of openSUSE Tumbleweed pcre-tools-8.39-2.5 as a component of openSUSE Tumbleweed Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. CVE-2014-8964 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8964.html CVE-2014-8964 https://bugzilla.suse.com/906574 SUSE Bug 906574 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. CVE-2015-2325 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2325.html CVE-2015-2325 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE-2015-2326 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2326.html CVE-2015-2326 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/924961 SUSE Bug 924961 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. CVE-2015-3217 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3217.html CVE-2015-3217 https://bugzilla.suse.com/933878 SUSE Bug 933878 https://bugzilla.suse.com/958373 SUSE Bug 958373 The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. CVE-2016-1283 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1283.html CVE-2016-1283 https://bugzilla.suse.com/960837 SUSE Bug 960837 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVE-2016-3191 openSUSE Tumbleweed:libpcre1-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre1-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcre16-0-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcrecpp0-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-32bit-8.39-2.5 openSUSE Tumbleweed:libpcreposix0-8.39-2.5 openSUSE Tumbleweed:pcre-devel-8.39-2.5 openSUSE Tumbleweed:pcre-devel-static-8.39-2.5 openSUSE Tumbleweed:pcre-doc-8.39-2.5 openSUSE Tumbleweed:pcre-tools-8.39-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3191.html CVE-2016-3191 https://bugzilla.suse.com/971741 SUSE Bug 971741