Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-1303.NASL
HistoryNov 16, 2016 - 12:00 a.m.

openSUSE Security Update : pcre (openSUSE-2016-1303)

2016-11-1600:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
25
JSON

This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code.

  • Update to PCRE 8.39 FATE#320298 boo#972127.

  • CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex() (boo#933288)

  • CVE-2015-3217: pcre: PCRE Library Call Stack Overflow Vulnerability in match() (boo#933878)

  • CVE-2015-5073: pcre: Library Heap Overflow Vulnerability in find_fixedlength() (boo#936227)

  • boo#942865: heap overflow in compile_regex()

  • CVE-2015-8380: pcre: heap overflow in pcre_exec (boo#957566)

  • boo#957598: various security issues fixed in pcre 8.37 and 8.38 release

  • CVE-2016-1283: pcre: Heap buffer overflow in pcre_compile2 causes DoS (boo#960837)

  • CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1303.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94906);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-3210", "CVE-2015-3217", "CVE-2015-5073", "CVE-2015-8380", "CVE-2016-1283", "CVE-2016-3191");

  script_name(english:"openSUSE Security Update : pcre (openSUSE-2016-1303)");
  script_summary(english:"Check for the openSUSE-2016-1303 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This version fixes a number of vulnerabilities that affect pcre and
applications using the libary when accepting untrusted input as
regular expressions or as part thereof. Remote attackers could have
caused the application to crash, disclose information or potentially
execute arbitrary code.

  - Update to PCRE 8.39 FATE#320298 boo#972127.

  - CVE-2015-3210: heap buffer overflow in pcre_compile2() /
    compile_regex() (boo#933288)

  - CVE-2015-3217: pcre: PCRE Library Call Stack Overflow
    Vulnerability in match() (boo#933878)

  - CVE-2015-5073: pcre: Library Heap Overflow Vulnerability
    in find_fixedlength() (boo#936227)

  - boo#942865: heap overflow in compile_regex()

  - CVE-2015-8380: pcre: heap overflow in pcre_exec
    (boo#957566)

  - boo#957598: various security issues fixed in pcre 8.37
    and 8.38 release

  - CVE-2016-1283: pcre: Heap buffer overflow in
    pcre_compile2 causes DoS (boo#960837)

  - CVE-2016-3191: pcre: workspace overflow for (*ACCEPT)
    with deeply nested parentheses (boo#971741)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=933288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=933878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=936227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942865"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971741"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972127"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected pcre packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-debuginfo-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-debuginfo-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-debuginfo-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-debuginfo-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"pcre-debugsource-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-static-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-debuginfo-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-debuginfo-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-32bit-8.39-3.8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-debuginfo-32bit-8.39-3.8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre1-32bit / libpcre1 / libpcre1-debuginfo-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibpcre1p-cpe:/a:novell:opensuse:libpcre1
novellopensuselibpcre1-32bitp-cpe:/a:novell:opensuse:libpcre1-32bit
novellopensuselibpcre1-debuginfop-cpe:/a:novell:opensuse:libpcre1-debuginfo
novellopensuselibpcre1-debuginfo-32bitp-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit
novellopensuselibpcre16-0p-cpe:/a:novell:opensuse:libpcre16-0
novellopensuselibpcre16-0-32bitp-cpe:/a:novell:opensuse:libpcre16-0-32bit
novellopensuselibpcre16-0-debuginfop-cpe:/a:novell:opensuse:libpcre16-0-debuginfo
novellopensuselibpcre16-0-debuginfo-32bitp-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit
novellopensuselibpcrecpp0p-cpe:/a:novell:opensuse:libpcrecpp0
novellopensuselibpcrecpp0-32bitp-cpe:/a:novell:opensuse:libpcrecpp0-32bit
Rows per page:
1-10 of 221

Related

nessus 46
freebsd 5
openvas 31
fedora 11
mageia 2
ibm 11
securityvulns 2
ubuntucve 11
oraclelinux 1
redhat 2
centos 1
prion 6
cve 6
debiancve 6
veracode 23
ubuntu 2
f5 10
slackware 3
archlinux 2
osv 2
zdi 1
altlinux 3
alpinelinux 2
amazon 4
gentoo 1
symantec 1
openwrt 1
rosalinux 1
suse 2
nessus
nessus
FreeBSD : pcre -- multiple vulnerabilities (e69af246-0ae2-11e5-90e4-d050996490d0)
2015-06-08 00:00:00
Fedora 21 : pcre-8.35-12.fc21 (2015-11019)
2015-07-20 00:00:00
Fedora 22 : pcre-8.37-2.fc22 (2015-11027)
2015-07-14 00:00:00
freebsd
freebsd
pcre -- multiple vulnerabilities
2015-05-29 00:00:00
pcre -- Heap Overflow Vulnerability in find_fixedlength()
2015-06-23 00:00:00
pcre -- stack buffer overflow
2016-02-09 00:00:00
openvas
openvas
Fedora Update for pcre FEDORA-2015-11027
2015-07-14 00:00:00
Fedora Update for pcre FEDORA-2015-12921
2015-08-14 00:00:00
Mageia: Security Advisory (MGASA-2016-0204)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22
2015-08-13 16:57:41
[SECURITY] Fedora 22 Update: pcre-8.37-2.fc22
2015-07-13 19:13:55
[SECURITY] Fedora 21 Update: pcre-8.35-12.fc21
2015-07-18 02:05:10
mageia
mageia
Updated pcre packages fix security vulnerabilities
2016-05-24 01:00:58
Updated pcre package fixes security vulnerability
2015-07-05 20:22:03
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2016-1283, CVE-2016-3191)
2019-10-18 03:10:29
Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM
2018-06-18 01:32:32
securityvulns
securityvulns
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
[USN-2694-1] PCRE vulnerabilities
2015-08-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-5073
2015-06-26 00:00:00
CVE-2015-2325
2015-04-01 00:00:00
CVE-2015-2326
2015-04-01 00:00:00
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
centos
centos
pcre security update
2016-05-13 00:44:08
prion
prion
Heap overflow
2015-12-02 01:59:00
Stack overflow
2016-12-13 16:59:00
Heap overflow
2016-12-13 16:59:00
cve
cve
CVE-2015-8380
2015-12-02 01:59:00
CVE-2015-3217
2016-12-13 16:59:00
CVE-2015-5073
2016-12-13 16:59:00
debiancve
debiancve
CVE-2015-8380
2015-12-02 01:59:00
CVE-2015-3217
2016-12-13 16:59:00
CVE-2015-5073
2016-12-13 16:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:16
Denial Of Service (DoS)
2019-05-02 05:34:18
Arbitrary Code Execution
2019-05-02 05:34:23
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PCRE vulnerabilities
2016-03-29 00:00:00
f5
f5
SOL17235 - PCRE library vulnerability CVE-2015-3210
2015-09-08 00:00:00
K17331 : PCRE library vulnerability CVE-2015-5073
2015-09-29 00:00:00
SOL17331 - PCRE library vulnerability CVE-2015-5073
2015-09-29 00:00:00
slackware
slackware
[slackware-security] pcre
2015-11-25 07:21:21
[slackware-security] php
2017-10-27 20:55:24
[slackware-security] pcre
2016-06-20 21:53:15
archlinux
archlinux
pcre: buffer overflow
2015-06-05 00:00:00
pcre: arbitrary code execution
2016-03-13 00:00:00
osv
osv
CVE-2016-1283
2016-01-03 00:59:00
CVE-2016-3191
2016-03-17 23:59:00
zdi
zdi
PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
2016-08-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.1.11-alt1
2017-11-03 00:00:00
alpinelinux
alpinelinux
CVE-2016-3191
2016-03-17 23:59:00
CVE-2016-1283
2016-01-03 00:59:00
amazon
amazon
Important: php56, php70, php71
2017-11-15 20:05:00
Important: pcre
2018-09-05 20:42:00
Medium: pcre
2023-06-05 16:39:00
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
JSON
Related for OPENSUSE-2016-1303.NASL
nessus46freebsd5openvas31fedora11mageia2ibm11securityvulns2ubuntucve11oraclelinux1redhat2centos1prion6cve6debiancve6veracode23ubuntu2f510slackware3archlinux2osv2zdi1altlinux3alpinelinux2amazon4gentoo1symantec1openwrt1rosalinux1suse2