Security update for pcre SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3529-1 Final 1 1 2021-10-27T07:23:54Z current 2021-10-27T07:23:54Z 2021-10-27T07:23:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pcre This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3529 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DOG6FED4Y3TBAFL2V2XUUC43MKZLFGH3/ E-Mail link for openSUSE-SU-2021:3529-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172973 SUSE Bug 1172973 https://bugzilla.suse.com/1172974 SUSE Bug 1172974 https://www.suse.com/security/cve/CVE-2019-20838/ SUSE CVE CVE-2019-20838 page https://www.suse.com/security/cve/CVE-2020-14155/ SUSE CVE CVE-2020-14155 page openSUSE Leap 15.3 libpcre1-8.45-20.10.1 libpcre1-32bit-8.45-20.10.1 libpcre16-0-8.45-20.10.1 libpcre16-0-32bit-8.45-20.10.1 libpcrecpp0-8.45-20.10.1 libpcrecpp0-32bit-8.45-20.10.1 libpcreposix0-8.45-20.10.1 libpcreposix0-32bit-8.45-20.10.1 pcre-devel-8.45-20.10.1 pcre-devel-static-8.45-20.10.1 pcre-doc-8.45-20.10.1 pcre-tools-8.45-20.10.1 libpcre1-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcre1-32bit-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcre16-0-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcre16-0-32bit-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcrecpp0-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcrecpp0-32bit-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcreposix0-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcreposix0-32bit-8.45-20.10.1 as a component of openSUSE Leap 15.3 pcre-devel-8.45-20.10.1 as a component of openSUSE Leap 15.3 pcre-devel-static-8.45-20.10.1 as a component of openSUSE Leap 15.3 pcre-doc-8.45-20.10.1 as a component of openSUSE Leap 15.3 pcre-tools-8.45-20.10.1 as a component of openSUSE Leap 15.3 libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. CVE-2019-20838 openSUSE Leap 15.3:libpcre1-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcre1-8.45-20.10.1 openSUSE Leap 15.3:libpcre16-0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcre16-0-8.45-20.10.1 openSUSE Leap 15.3:libpcrecpp0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcrecpp0-8.45-20.10.1 openSUSE Leap 15.3:libpcreposix0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcreposix0-8.45-20.10.1 openSUSE Leap 15.3:pcre-devel-8.45-20.10.1 openSUSE Leap 15.3:pcre-devel-static-8.45-20.10.1 openSUSE Leap 15.3:pcre-doc-8.45-20.10.1 openSUSE Leap 15.3:pcre-tools-8.45-20.10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DOG6FED4Y3TBAFL2V2XUUC43MKZLFGH3/ https://www.suse.com/security/cve/CVE-2019-20838.html CVE-2019-20838 https://bugzilla.suse.com/1172973 SUSE Bug 1172973 https://bugzilla.suse.com/1189526 SUSE Bug 1189526 https://bugzilla.suse.com/1193384 SUSE Bug 1193384 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. CVE-2020-14155 openSUSE Leap 15.3:libpcre1-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcre1-8.45-20.10.1 openSUSE Leap 15.3:libpcre16-0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcre16-0-8.45-20.10.1 openSUSE Leap 15.3:libpcrecpp0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcrecpp0-8.45-20.10.1 openSUSE Leap 15.3:libpcreposix0-32bit-8.45-20.10.1 openSUSE Leap 15.3:libpcreposix0-8.45-20.10.1 openSUSE Leap 15.3:pcre-devel-8.45-20.10.1 openSUSE Leap 15.3:pcre-devel-static-8.45-20.10.1 openSUSE Leap 15.3:pcre-doc-8.45-20.10.1 openSUSE Leap 15.3:pcre-tools-8.45-20.10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DOG6FED4Y3TBAFL2V2XUUC43MKZLFGH3/ https://www.suse.com/security/cve/CVE-2020-14155.html CVE-2020-14155 https://bugzilla.suse.com/1172974 SUSE Bug 1172974