OPENSUSE-SU-2022:2649-1 Security update for pcre2

This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode bsc1164384. - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions bsc1199235...

CentOS 8 : pcre2 (CESA-2020:4539)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4539 advisory. - pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode CVE-2019-20454 Note that Nessus has not tested for this issue but has instead relied only...

RHEL 8 : pcre2 (RHSA-2020:4539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4539 advisory. The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching...

ALSA-2020:4539 Moderate: pcre2 security and enhancement update

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fixes: pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode CVE-2019-20454 For...

RLSA-2020:4539 Moderate: pcre2 security and enhancement update

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fixes: pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode CVE-2019-20454 For...

pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode

An out-of-bounds read was discovered in PCRE when the pattern "\X" is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to crash the application...

RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...

DEBIAN-CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

MGASA-2018-0127 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has bee...

Fedora 24 : pcre (2017-3b367c896f)

This release fixes a crash when finding a Unicode property for a character with a code point greater than 0x10ffff in UTF-32 library while UTF mode is disabled and JIT mde enabled. It also fixes a buffer overlflow in pcretest tool when copying a string in UTF-32 mode. Note that Tenable Network...