Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2022:3327-1
HistorySep 21, 2022 - 12:00 a.m.

Security update for oniguruma (important)

2022-09-2100:00:00
lists.opensuse.org
26

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

An update that fixes 6 vulnerabilities is now available.

Description:

This update for oniguruma fixes the following issues:

  • CVE-2019-19246: Fixed an out of bounds access during regular expression
    matching (bsc#1157805).
  • CVE-2019-19204: Fixed an out of bounds access when compiling a crafted
    regular expression (bsc#1164569).
  • CVE-2019-19203: Fixed an out of bounds access when performing a string
    search (bsc#1164550).
  • CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a
    crafted regular expression, which could lead to denial of service
    (bsc#1150130).
  • CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
  • CVE-2019-13224: Fixed a potential use-after-free when handling multiple
    different encodings (bsc#1142847).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap Micro 5.2:

    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3327=1

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3327=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3327=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3327=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3327=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3327=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3327=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3327=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3327=1

  • SUSE Linux Enterprise Server 15-SP2-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3327=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3327=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3327=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3327=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3327=1

  • SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3327=1

  • SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3327=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3327=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3327=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3327=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3327=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-3327=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-3327=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap Micro5.2aarch64< - openSUSE Leap Micro 5.2 (aarch64 x86_64):- openSUSE Leap Micro 5.2 (aarch64 x86_64):.aarch64.rpm
openSUSE Leap Micro5.2x86_64< - openSUSE Leap Micro 5.2 (aarch64 x86_64):- openSUSE Leap Micro 5.2 (aarch64 x86_64):.x86_64.rpm
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
Rows per page:
1-10 of 561

Related

nessus 53
openvas 37
debian 5
osv 15
almalinux 2
fedora 9
redhat 7
oraclelinux 2
mageia 3
ubuntu 3
amazon 5
altlinux 2
veracode 5
redhatcve 6
cve 6
ubuntucve 5
prion 6
debiancve 5
githubexploit 4
alpinelinux 4
f5 1
thn 1
cbl_mariner 1
photon 7
rocky 1
gentoo 1
freebsd 1
ibm 2
nessus
nessus
SUSE SLED15 / SLES15 Security Update : oniguruma (SUSE-SU-2022:3327-1)
2022-09-22 00:00:00
EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)
2020-01-02 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM : Oniguruma vulnerabilities (USN-5662-1)
2023-10-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for oniguruma (SUSE-SU-2022:3327-1)
2022-09-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3327-1)
2022-09-22 00:00:00
Debian: Security Advisory (DLA-2431-1)
2020-11-05 00:00:00
debian
debian
[SECURITY][DLA 2431-1] libonig security update
2020-11-05 01:29:26
[SECURITY] [DLA 2020-1] libonig security update
2019-12-04 11:43:12
[SECURITY] [DLA 1918-1] libonig security update
2019-09-12 09:48:11
osv
osv
libonig - security update
2020-11-03 00:00:00
Moderate: oniguruma security update
2024-02-20 00:00:00
libonig vulnerabilities
2022-10-10 05:11:49
almalinux
almalinux
Moderate: oniguruma security update
2024-02-20 00:00:00
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
fedora
fedora
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30
2019-12-08 01:03:41
[SECURITY] Fedora 31 Update: oniguruma-6.9.4-1.fc31
2019-12-04 01:15:49
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-3.fc30
2019-11-21 00:56:07
redhat
redhat
(RHSA-2024:0889) Moderate: oniguruma security update
2024-02-20 11:21:18
(RHSA-2024:0572) Moderate: oniguruma security update
2024-01-30 12:53:17
(RHSA-2024:0409) Moderate: oniguruma security update
2024-01-24 14:40:20
oraclelinux
oraclelinux
oniguruma security update
2024-02-20 00:00:00
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
mageia
mageia
Updated oniguruma packages fix security vulnerabilities
2020-01-12 02:52:04
Updated oniguruma packages fix security vulnerability
2020-12-08 13:40:32
Updated php packages fix security vulnerabilities
2019-09-07 00:09:08
ubuntu
ubuntu
Oniguruma vulnerabilities
2022-10-10 00:00:00
Oniguruma vulnerabilities
2020-08-17 00:00:00
PHP vulnerability
2019-08-07 00:00:00
amazon
amazon
Medium: oniguruma
2020-01-06 23:44:00
Medium: oniguruma
2020-11-09 21:04:00
Medium: oniguruma
2019-09-30 20:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package oniguruma version 6.9.4-alt1
2019-12-04 00:00:00
Security fix for the ALT Linux 10 package edk2 version 20191122-alt1
2019-12-18 00:00:00
veracode
veracode
Buffer Over-read
2020-12-02 09:50:08
Buffer Over-read
2020-12-02 09:50:09
Denial Of Service (DoS)
2019-09-13 06:32:40
redhatcve
redhatcve
CVE-2019-19203
2020-02-12 10:14:22
CVE-2019-19246
2020-03-29 08:05:22
CVE-2019-16163
2019-11-05 18:26:30
cve
cve
CVE-2019-19246
2019-11-25 17:15:00
CVE-2019-16163
2019-09-09 17:15:00
CVE-2020-26159
2020-09-30 21:15:00
ubuntucve
ubuntucve
CVE-2019-19203
2019-11-21 00:00:00
CVE-2019-19246
2019-11-25 00:00:00
CVE-2019-19204
2019-11-21 00:00:00
prion
prion
Heap overflow
2019-11-25 17:15:00
Heap overflow
2019-11-21 21:15:00
Stack overflow
2019-09-09 17:15:00
debiancve
debiancve
CVE-2019-19246
2019-11-25 17:15:00
CVE-2019-16163
2019-09-09 17:15:00
CVE-2019-13224
2019-07-10 14:15:00
githubexploit
githubexploit
Exploit for Out-of-bounds Read in Oniguruma Project Oniguruma
2019-11-21 22:43:34
Exploit for Out-of-bounds Read in Oniguruma Project Oniguruma
2019-12-24 08:11:11
Exploit for Out-of-bounds Read in Oniguruma Project Oniguruma
2019-12-24 08:19:02
alpinelinux
alpinelinux
CVE-2019-19203
2019-11-21 21:15:00
CVE-2019-19204
2019-11-21 21:15:00
CVE-2019-13224
2019-07-10 14:15:00
f5
f5
K00103182 : Oniguruma vulnerability CVE-2019-13224
2019-08-23 00:00:00
thn
thn
Multiple Code Execution Flaws Found In PHP Programming Language
2019-09-06 11:12:00
cbl_mariner
cbl_mariner
CVE-2020-26159 affecting package oniguruma 6.9.5-2
2020-11-05 04:21:18
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0196
2019-12-20 00:00:00
Critical Photon OS Security Update - PHSA-2019-0196
2019-09-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0291
2020-10-20 00:00:00
rocky
rocky
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
gentoo
gentoo
Oniguruma: Multiple vulnerabilities
2019-11-07 00:00:00
freebsd
freebsd
oniguruma -- multiple vulnerabilities
2019-07-03 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-01-06 21:25:02
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities
2024-04-24 15:52:28

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for SUSE-SU-2022:3327-1
nessus53openvas37debian5osv15almalinux2fedora9redhat7oraclelinux2mageia3ubuntu3amazon5altlinux2veracode5redhatcve6cve6ubuntucve5prion6debiancve5githubexploit4alpinelinux4f51thn1cbl_mariner1photon7rocky1gentoo1freebsd1ibm2