libpcre1-32bit-8.45-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11153 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpcre1-32bit-8.45-1.2 on GA media These are all security issues fixed in the libpcre1-32bit-8.45-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11153 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11153 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-6004/ SUSE CVE CVE-2017-6004 page https://www.suse.com/security/cve/CVE-2017-7186/ SUSE CVE CVE-2017-7186 page https://www.suse.com/security/cve/CVE-2017-7245/ SUSE CVE CVE-2017-7245 page openSUSE Tumbleweed libpcre1-8.45-1.2 libpcre1-32bit-8.45-1.2 libpcre16-0-8.45-1.2 libpcre16-0-32bit-8.45-1.2 libpcrecpp0-8.45-1.2 libpcrecpp0-32bit-8.45-1.2 libpcreposix0-8.45-1.2 libpcreposix0-32bit-8.45-1.2 pcre-devel-8.45-1.2 pcre-devel-static-8.45-1.2 pcre-doc-8.45-1.2 pcre-testsuite-8.45-1.2 pcre-tools-8.45-1.2 libpcre1-8.45-1.2 as a component of openSUSE Tumbleweed libpcre1-32bit-8.45-1.2 as a component of openSUSE Tumbleweed libpcre16-0-8.45-1.2 as a component of openSUSE Tumbleweed libpcre16-0-32bit-8.45-1.2 as a component of openSUSE Tumbleweed libpcrecpp0-8.45-1.2 as a component of openSUSE Tumbleweed libpcrecpp0-32bit-8.45-1.2 as a component of openSUSE Tumbleweed libpcreposix0-8.45-1.2 as a component of openSUSE Tumbleweed libpcreposix0-32bit-8.45-1.2 as a component of openSUSE Tumbleweed pcre-devel-8.45-1.2 as a component of openSUSE Tumbleweed pcre-devel-static-8.45-1.2 as a component of openSUSE Tumbleweed pcre-doc-8.45-1.2 as a component of openSUSE Tumbleweed pcre-testsuite-8.45-1.2 as a component of openSUSE Tumbleweed pcre-tools-8.45-1.2 as a component of openSUSE Tumbleweed The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. CVE-2017-6004 openSUSE Tumbleweed:libpcre1-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre1-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-8.45-1.2 openSUSE Tumbleweed:pcre-devel-8.45-1.2 openSUSE Tumbleweed:pcre-devel-static-8.45-1.2 openSUSE Tumbleweed:pcre-doc-8.45-1.2 openSUSE Tumbleweed:pcre-testsuite-8.45-1.2 openSUSE Tumbleweed:pcre-tools-8.45-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6004.html CVE-2017-6004 https://bugzilla.suse.com/1025709 SUSE Bug 1025709 https://bugzilla.suse.com/1191803 SUSE Bug 1191803 https://bugzilla.suse.com/1193384 SUSE Bug 1193384 libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. CVE-2017-7186 openSUSE Tumbleweed:libpcre1-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre1-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-8.45-1.2 openSUSE Tumbleweed:pcre-devel-8.45-1.2 openSUSE Tumbleweed:pcre-devel-static-8.45-1.2 openSUSE Tumbleweed:pcre-doc-8.45-1.2 openSUSE Tumbleweed:pcre-testsuite-8.45-1.2 openSUSE Tumbleweed:pcre-tools-8.45-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7186.html CVE-2017-7186 https://bugzilla.suse.com/1030066 SUSE Bug 1030066 https://bugzilla.suse.com/1037164 SUSE Bug 1037164 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. CVE-2017-7245 openSUSE Tumbleweed:libpcre1-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre1-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcre16-0-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcrecpp0-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-32bit-8.45-1.2 openSUSE Tumbleweed:libpcreposix0-8.45-1.2 openSUSE Tumbleweed:pcre-devel-8.45-1.2 openSUSE Tumbleweed:pcre-devel-static-8.45-1.2 openSUSE Tumbleweed:pcre-doc-8.45-1.2 openSUSE Tumbleweed:pcre-testsuite-8.45-1.2 openSUSE Tumbleweed:pcre-tools-8.45-1.2 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7245.html CVE-2017-7245 https://bugzilla.suse.com/1030805 SUSE Bug 1030805