Bug 958373

Summary: pcre version 8.33 has security vulnerabilities
Product: [openSUSE] openSUSE Distribution
Reporter: Dave Plater <davejplater>
Component: Basesystem
Assignee: E-mail List <bnc-team-screening>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: Leap 42.1
Target Milestone: ---
Hardware: x86-64
OS: openSUSE 42.1
Whiteboard: CVSSv2:RedHat:CVE-2015-8388:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8395:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2015-8387:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8386:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8384:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8392:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8386:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2015-8383:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-3210:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:NVD:CVE-2015-8391:9.0:(AV:N/AC:L/Au:N/C:P/I:P/A:C) CVSSv2:RedHat:CVE-2015-8385:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:NVD:CVE-2015-8388:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8393:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2015-8384:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:RedHat:CVE-2015-8394:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2015-8395:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8389:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8394:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8382:6.4:(AV:N/AC:L/Au:N/C:P/I:N/A:P) CVSSv2:RedHat:CVE-2015-8392:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:NVD:CVE-2015-8381:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8387:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8381:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8384:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8392:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8382:1.9:(AV:L/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2015-8390:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8385:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2015-8393:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2015-8383:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:RedHat:CVE-2015-8390:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8389:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-8391:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) 
CVSSv2:RedHat:CVE-2015-8385:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-3210:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8395:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8381:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8392:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8384:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-8383:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-4070:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-2325:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2015-2326:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2016-4070:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:SUSE:CVE-2015-2326:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4070:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2016-4070:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2016-4070:3.7:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVSSv2:NVD:CVE-2009-3559:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-4612:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-4619:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-5616:4.4:(AV:L/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-5617:4.4:(AV:L/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2013-7285:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2014-0245:2.6:(AV:N/AC:H/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2014-3540:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2014-4172:5.8:(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVSSv2:RedHat:CVE-2014-4651:3.3:(AV:L/AC:M/Au:N/C:P/I:P/A:N) CVSSv2:RedHat:CVE-2015-7559:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2016-5616:3.5:(AV:L/AC:H/Au:S/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-5617:6.8:(AV:L/AC:L/Au:S/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2016-5616:6.0:(AV:L/AC:H/Au:S/C:C/I:C/A:C) CVSSv3:NVD:CVE-2016-4612:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-4619:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2015-7559:2.7:(AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L) 
CVSSv3:RedHat:CVE-2016-5483:6.4:(AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2016-5616:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2016-5617:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-16012:6.8:(AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N) CVSSv3:SUSE:CVE-2017-16012:6.8:(AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N) CVSSv3:UNK(Oracle):CVE-2016-5616:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:UNK(Oracle):CVE-2016-5617:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Dave Plater 2015-12-08 14:45:32 UTC
See boo#758072 Midnight Commander segfaults on search for file.
Updating mc to 4.8.15 fixes the stack overflow it causes in pcre-8.33 but updating pcre to version 8.38, which has numerous fixes, enables mc-4.8.14 to complete its search without error.
These are the fixes:
CVE-2015-3217
CVE-2015-2325
CVE-2015-2326
CVE-2014-8964
See pcre changes from either Factory standard or Base:System which both have the same version, for some of the other fixes.
Comment 1 Marcus Meissner 2015-12-08 16:17:27 UTC
See e.g. bug 957598

*** This bug has been marked as a duplicate of bug 957598 ***