libpcre2-16-0-10.22-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10447 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpcre2-16-0-10.22-1.3 on GA media These are all security issues fixed in the libpcre2-16-0-10.22-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10447 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10447 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-8964/ SUSE CVE CVE-2014-8964 page https://www.suse.com/security/cve/CVE-2015-2325/ SUSE CVE CVE-2015-2325 page https://www.suse.com/security/cve/CVE-2015-2326/ SUSE CVE CVE-2015-2326 page https://www.suse.com/security/cve/CVE-2016-3191/ SUSE CVE CVE-2016-3191 page openSUSE Tumbleweed libpcre2-16-0-10.22-1.3 libpcre2-16-0-32bit-10.22-1.3 libpcre2-32-0-10.22-1.3 libpcre2-32-0-32bit-10.22-1.3 libpcre2-8-0-10.22-1.3 libpcre2-8-0-32bit-10.22-1.3 libpcre2-posix1-10.22-1.3 libpcre2-posix1-32bit-10.22-1.3 pcre2-devel-10.22-1.3 pcre2-devel-static-10.22-1.3 pcre2-doc-10.22-1.3 pcre2-tools-10.22-1.3 libpcre2-16-0-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-16-0-32bit-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-32-0-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-32-0-32bit-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-8-0-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-8-0-32bit-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-posix1-10.22-1.3 as a component of openSUSE Tumbleweed libpcre2-posix1-32bit-10.22-1.3 as a component of openSUSE Tumbleweed pcre2-devel-10.22-1.3 as a component of openSUSE Tumbleweed pcre2-devel-static-10.22-1.3 as a component of openSUSE Tumbleweed pcre2-doc-10.22-1.3 as a component of openSUSE Tumbleweed pcre2-tools-10.22-1.3 as a component of openSUSE Tumbleweed Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. CVE-2014-8964 openSUSE Tumbleweed:libpcre2-16-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-16-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-32bit-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-static-10.22-1.3 openSUSE Tumbleweed:pcre2-doc-10.22-1.3 openSUSE Tumbleweed:pcre2-tools-10.22-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8964.html CVE-2014-8964 https://bugzilla.suse.com/906574 SUSE Bug 906574 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. CVE-2015-2325 openSUSE Tumbleweed:libpcre2-16-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-16-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-32bit-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-static-10.22-1.3 openSUSE Tumbleweed:pcre2-doc-10.22-1.3 openSUSE Tumbleweed:pcre2-tools-10.22-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2325.html CVE-2015-2325 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE-2015-2326 openSUSE Tumbleweed:libpcre2-16-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-16-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-32bit-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-static-10.22-1.3 openSUSE Tumbleweed:pcre2-doc-10.22-1.3 openSUSE Tumbleweed:pcre2-tools-10.22-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2326.html CVE-2015-2326 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/924961 SUSE Bug 924961 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVE-2016-3191 openSUSE Tumbleweed:libpcre2-16-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-16-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-32-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-10.22-1.3 openSUSE Tumbleweed:libpcre2-8-0-32bit-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-10.22-1.3 openSUSE Tumbleweed:libpcre2-posix1-32bit-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-10.22-1.3 openSUSE Tumbleweed:pcre2-devel-static-10.22-1.3 openSUSE Tumbleweed:pcre2-doc-10.22-1.3 openSUSE Tumbleweed:pcre2-tools-10.22-1.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3191.html CVE-2016-3191 https://bugzilla.suse.com/971741 SUSE Bug 971741