openSUSE Security Update : pcre (openSUSE-2016-1303)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This version fixes a number of vulnerabilities that affect pcre and
applications using the library when accepting untrusted input as
regular expressions or as part thereof. Remote attackers could have
caused the application to crash, disclose information or potentially
execute arbitrary code.

- Update to PCRE 8.39 FATE#320298 boo#972127.

- CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex() (boo#933288)

- CVE-2015-3217: pcre: PCRE Library Call Stack Overflow
Vulnerability in match() (boo#933878)

- CVE-2015-5073: pcre: Library Heap Overflow Vulnerability
in find_fixedlength() (boo#936227)

- boo#942865: heap overflow in compile_regex()

- CVE-2015-8380: pcre: heap overflow in pcre_exec
(boo#957566)

- boo#957598: various security issues fixed in pcre 8.37
and 8.38 release

- CVE-2016-1283: pcre: Heap buffer overflow in
pcre_compile2 causes DoS (boo#960837)

- CVE-2016-3191: pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (boo#971741)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=933288
https://bugzilla.opensuse.org/show_bug.cgi?id=933878
https://bugzilla.opensuse.org/show_bug.cgi?id=936227
https://bugzilla.opensuse.org/show_bug.cgi?id=942865
https://bugzilla.opensuse.org/show_bug.cgi?id=957566
https://bugzilla.opensuse.org/show_bug.cgi?id=957598
https://bugzilla.opensuse.org/show_bug.cgi?id=960837
https://bugzilla.opensuse.org/show_bug.cgi?id=971741
https://bugzilla.opensuse.org/show_bug.cgi?id=972127

Solution :

Update the affected pcre packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 94906

Bugtraq ID:

CVE ID: CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
CVE-2015-8380
CVE-2016-1283
CVE-2016-3191
