openSUSE Security Update : pcre2 (openSUSE-2016-966)

critical Nessus Plugin ID 92974

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for pcre2 fixes the following issues:

- pcre2 10.22:

- The POSIX wrapper function regcomp() previously did not support back references and subroutine calls if called with the REG_NOSUB option. It now does.

- A new function, pcre2_code_copy(), is added, to make a copy of a compiled pattern.

- Support for string callouts is added to pcre2grep.

- Added the PCRE2_NO_JIT option to pcre2_match().

- The pcre2_get_error_message() function now returns with a negative error code if the error number it is given is unknown.

- Several updates have been made to pcre2test and test scripts.

- Fix CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741)

- Update to new upstream release 10.21

- Improve JIT matching speed of patterns starting with + or *.

- Use memchr() to find the first character in an unanchored match in 8-bit mode in the interpreter. This gives a significant speed improvement.

- 10.20 broke the handling of [[:>:]] and [[:<:]] in that processing them could involve a buffer overflow if the following character was an opening parenthesis.

- 10.20 also introduced a bug in processing this pattern: /((?x)(*:0))#(?'/, which was fixed.

- A callout with a string argument containing an opening square bracket, for example /(?C$[$)(?<]/, was incorrectly processed and could provoke a buffer overflow.

- A possessively repeated conditional group that could match an empty string, for example, /(?(R))*+/, was incorrectly compiled.

- The Unicode tables have been updated to Unicode 8.0.0.

- An empty comment (?#) in a pattern was incorrectly processed and could provoke a buffer overflow.

- Fix infinite recursion in the JIT compiler when certain patterns such as /(?:|a|){100}x/ are analysed.

- Some patterns with character classes involving [: and \\ were incorrectly compiled and could cause reading from uninitialized memory or an incorrect error diagnosis.
Examples are: /[[:\\](?<[::]/ and /[[:\\](?'abc')[a:].

- A missing closing parenthesis for a callout with a string argument was not being diagnosed, possibly leading to a buffer overflow.

- If (?R was followed by - or +, incorrect behaviour happened instead of a diagnostic.

- Fixed an issue when \p{Any} inside an xclass did not read the current character.

- About 80 more fixes, which you can read about in the ChangeLog shipped with the libpcre2-8-0 package.

Solution

Update the affected pcre2 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=971741

Plugin Details

Severity: Critical

ID: 92974

File Name: openSUSE-2016-966.nasl

Version: 2.5

Type: local

Agent: unix

Published: 8/16/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libpcre2-16-0, p-cpe:/a:novell:opensuse:libpcre2-16-0-32bit, p-cpe:/a:novell:opensuse:libpcre2-16-0-debuginfo, p-cpe:/a:novell:opensuse:libpcre2-16-0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpcre2-32-0, p-cpe:/a:novell:opensuse:libpcre2-32-0-32bit, p-cpe:/a:novell:opensuse:libpcre2-32-0-debuginfo, p-cpe:/a:novell:opensuse:libpcre2-32-0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpcre2-8-0, p-cpe:/a:novell:opensuse:libpcre2-8-0-32bit, p-cpe:/a:novell:opensuse:libpcre2-8-0-debuginfo, p-cpe:/a:novell:opensuse:libpcre2-8-0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpcre2-posix1, p-cpe:/a:novell:opensuse:libpcre2-posix1-32bit, p-cpe:/a:novell:opensuse:libpcre2-posix1-debuginfo, p-cpe:/a:novell:opensuse:libpcre2-posix1-debuginfo-32bit, p-cpe:/a:novell:opensuse:pcre2-debugsource, p-cpe:/a:novell:opensuse:pcre2-devel, p-cpe:/a:novell:opensuse:pcre2-devel-static, p-cpe:/a:novell:opensuse:pcre2-tools, p-cpe:/a:novell:opensuse:pcre2-tools-debuginfo, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 3/17/2016

Reference Information

CVE: CVE-2016-3191