Security update for pcre2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2035-1 Final 1 1 2016-08-11T11:52:26Z current 2016-08-11T11:52:26Z 2016-08-11T11:52:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pcre2 This update for pcre2 fixes the following issues: - pcre2 10.22: * The POSIX wrapper function regcomp() did not used to support back references and subroutine calls if called with the REG_NOSUB option. It now does. * A new function, pcre2_code_copy(), is added, to make a copy of a compiled pattern. * Support for string callouts is added to pcre2grep. * Added the PCRE2_NO_JIT option to pcre2_match(). * The pcre2_get_error_message() function now returns with a negative error code if the error number it is given is unknown. * Several updates have been made to pcre2test and test scripts * Fix CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741) - Update to new upstream release 10.21 * Improve JIT matching speed of patterns starting with + or *. * Use memchr() to find the first character in an unanchored match in 8-bit mode in the interpreter. This gives a significant speed improvement. * 10.20 broke the handling of [[:>:]] and [[:<:]] in that processing them could involve a buffer overflow if the following character was an opening parenthesis. * 10.20 also introduced a bug in processing this pattern: /((?x)(*:0))#(?'/, which was fixed. * A callout with a string argument containing an opening square bracket, for example /(?C$[$)(?<]/, was incorrectly processed and could provoke a buffer overflow. * A possessively repeated conditional group that could match an empty string, for example, /(?(R))*+/, was incorrectly compiled. * The Unicode tables have been updated to Unicode 8.0.0. * An empty comment (?#) in a pattern was incorrectly processed and could provoke a buffer overflow. * Fix infinite recursion in the JIT compiler when certain patterns /such as (?:|a|){100}x/ are analysed. * Some patterns with character classes involving [: and \\ were incorrectly compiled and could cause reading from uninitialized memory or an incorrect error diagnosis. Examples are: /[[:\\](?<[::]/ and /[[:\\](?'abc')[a:]. * A missing closing parenthesis for a callout with a string argument was not being diagnosed, possibly leading to a buffer overflow. * If (?R was followed by - or + incorrect behaviour happened instead of a diagnostic. * Fixed an issue when \p{Any} inside an xclass did not read the current character. * About 80 more fixes, which you can read about in the ChangeLog shipped with the libpcre2-8-0 package. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-08/msg00050.html E-Mail link for openSUSE-SU-2016:2035-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libpcre2-16-0-10.22-7.1 libpcre2-16-0-32bit-10.22-7.1 libpcre2-32-0-10.22-7.1 libpcre2-32-0-32bit-10.22-7.1 libpcre2-8-0-10.22-7.1 libpcre2-8-0-32bit-10.22-7.1 libpcre2-posix1-10.22-7.1 libpcre2-posix1-32bit-10.22-7.1 pcre2-10.22-7.1 pcre2-devel-10.22-7.1 pcre2-devel-static-10.22-7.1 pcre2-doc-10.22-7.1 pcre2-tools-10.22-7.1 libpcre2-16-0-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-16-0-32bit-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-32-0-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-32-0-32bit-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-8-0-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-8-0-32bit-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-posix1-10.22-7.1 as a component of openSUSE Leap 42.1 libpcre2-posix1-32bit-10.22-7.1 as a component of openSUSE Leap 42.1 pcre2-10.22-7.1 as a component of openSUSE Leap 42.1 pcre2-devel-10.22-7.1 as a component of openSUSE Leap 42.1 pcre2-devel-static-10.22-7.1 as a component of openSUSE Leap 42.1 pcre2-doc-10.22-7.1 as a component of openSUSE Leap 42.1 pcre2-tools-10.22-7.1 as a component of openSUSE Leap 42.1 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVE-2016-3191 openSUSE Leap 42.1:libpcre2-16-0-10.22-7.1 openSUSE Leap 42.1:libpcre2-16-0-32bit-10.22-7.1 openSUSE Leap 42.1:libpcre2-32-0-10.22-7.1 openSUSE Leap 42.1:libpcre2-32-0-32bit-10.22-7.1 openSUSE Leap 42.1:libpcre2-8-0-10.22-7.1 openSUSE Leap 42.1:libpcre2-8-0-32bit-10.22-7.1 openSUSE Leap 42.1:libpcre2-posix1-10.22-7.1 openSUSE Leap 42.1:libpcre2-posix1-32bit-10.22-7.1 openSUSE Leap 42.1:pcre2-10.22-7.1 openSUSE Leap 42.1:pcre2-devel-10.22-7.1 openSUSE Leap 42.1:pcre2-devel-static-10.22-7.1 openSUSE Leap 42.1:pcre2-doc-10.22-7.1 openSUSE Leap 42.1:pcre2-tools-10.22-7.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00050.html https://www.suse.com/security/cve/CVE-2016-3191.html CVE-2016-3191 https://bugzilla.suse.com/971741 SUSE Bug 971741