openSUSE Security Update : pcre (openSUSE-2016-1303)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This version fixes a number of vulnerabilities that affect pcre and
applications using the libary when accepting untrusted input as
regular expressions or as part thereof. Remote attackers could have
caused the application to crash, disclose information or potentially
execute arbitrary code.

- Update to PCRE 8.39 FATE#320298 boo#972127.

- CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex() (boo#933288)

- CVE-2015-3217: pcre: PCRE Library Call Stack Overflow
Vulnerability in match() (boo#933878)

- CVE-2015-5073: pcre: Library Heap Overflow Vulnerability
in find_fixedlength() (boo#936227)

- boo#942865: heap overflow in compile_regex()

- CVE-2015-8380: pcre: heap overflow in pcre_exec

- boo#957598: various security issues fixed in pcre 8.37
and 8.38 release

- CVE-2016-1283: pcre: Heap buffer overflow in
pcre_compile2 causes DoS (boo#960837)

- CVE-2016-3191: pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (boo#971741)

See also :

Solution :

Update the affected pcre packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: SuSE Local Security Checks

Nessus Plugin ID: 94906 ()

Bugtraq ID:

CVE ID: CVE-2015-3210

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now