openSUSE Security Update : pcre2 (openSUSE-2016-966)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for pcre2 fixes the following issues :

- pcre2 10.22 :

- The POSIX wrapper function regcomp() previously did not
support back references and subroutine calls if called
with the REG_NOSUB option. It now does.

- A new function, pcre2_code_copy(), is added, to make a
copy of a compiled pattern.

- Support for string callouts is added to pcre2grep.

- Added the PCRE2_NO_JIT option to pcre2_match().

- The pcre2_get_error_message() function now returns with
a negative error code if the error number it is given is
unknown.

- Several updates have been made to pcre2test and test
scripts.

- Fix CVE-2016-3191: workspace overflow for (*ACCEPT) with
deeply nested parentheses (boo#971741)

- Update to new upstream release 10.21

- Improve JIT matching speed of patterns starting with +
or *.

- Use memchr() to find the first character in an
unanchored match in 8-bit mode in the interpreter. This
gives a significant speed improvement.

- 10.20 broke the handling of [[:>:]] and [[:<:]] in that
processing them could involve a buffer overflow if the
following character was an opening parenthesis.

- 10.20 also introduced a bug in processing this pattern:
/((?x)(*:0))#(?'/, which was fixed.

- A callout with a string argument containing an opening
square bracket, for example /(?C$[$)(?<]/, was
incorrectly processed and could provoke a buffer
overflow.

- A possessively repeated conditional group that could
match an empty string, for example, /(?(R))*+/, was
incorrectly compiled.

- The Unicode tables have been updated to Unicode 8.0.0.

- An empty comment (?#) in a pattern was incorrectly
processed and could provoke a buffer overflow.

- Fix infinite recursion in the JIT compiler when certain
patterns such as /(?:|a|){100}x/ are analysed.

- Some patterns with character classes involving [: and \\
were incorrectly compiled and could cause reading from
uninitialized memory or an incorrect error diagnosis.
Examples are: /[[:\\](?<[::]/ and /[[:\\](?'abc')[a:].

- A missing closing parenthesis for a callout with a
string argument was not being diagnosed, possibly
leading to a buffer overflow.

- If (?R was followed by - or +, incorrect behaviour
happened instead of a diagnostic.

- Fixed an issue when \p{Any} inside an xclass did not
read the current character.

- About 80 more fixes, which you can read about in the
ChangeLog shipped with the libpcre2-8-0 package.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=971741

Solution :

Update the affected pcre2 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 92974

Bugtraq ID:

CVE ID: CVE-2016-3191
