logo
DATABASE RESOURCES PRICING ABOUT US

Medium: oniguruma

Description

**Issue Overview:** Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. (CVE-2019-16163) Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246) **Affected Packages:** oniguruma **Issue Correction:** Run _yum update oniguruma_ to update your system. **New Packages:** aarch64:     oniguruma-5.9.6-1.amzn2.0.3.aarch64     oniguruma-devel-5.9.6-1.amzn2.0.3.aarch64     oniguruma-debuginfo-5.9.6-1.amzn2.0.3.aarch64 i686:     oniguruma-5.9.6-1.amzn2.0.3.i686     oniguruma-devel-5.9.6-1.amzn2.0.3.i686     oniguruma-debuginfo-5.9.6-1.amzn2.0.3.i686 src:     oniguruma-5.9.6-1.amzn2.0.3.src x86_64:     oniguruma-5.9.6-1.amzn2.0.3.x86_64     oniguruma-devel-5.9.6-1.amzn2.0.3.x86_64     oniguruma-debuginfo-5.9.6-1.amzn2.0.3.x86_64


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.3
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.3

Related