Bugzilla – Bug 960837
VUL-0: CVE-2016-1283: pcre: Heap buffer overflow in pcre_compile2 causes DoS
Last modified: 2021-04-20 07:45:41 UTC
rh#1295385

It was found that the pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service via heap-based buffer overflow.

Upstream bug:
https://bugs.exim.org/show_bug.cgi?id=1767

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1283
http://seclists.org/oss-sec/2016/q1/2
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1283.html
https://bugs.exim.org/show_bug.cgi?id=1767
bugbot adjusting priority
http://vcs.pcre.org/pcre?view=revision&revision=1636
For pcre, this was submitted into factory via https://build.opensuse.org/request/show/403030
Recording in changelog: https://build.opensuse.org/request/show/416446
This is an autogenerated message for OBS integration: This bug (960837) was mentioned in https://build.opensuse.org/request/show/437711 13.2 / pcre
openSUSE-SU-2016:2805-1: An update that solves 6 vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 933288,933878,936227,942865,957566,957598,960837,971741,972127
CVE References: CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2016-1283,CVE-2016-3191
Sources used:
openSUSE 13.2 (src): pcre-8.39-3.8.1
SUSE-SU-2016:2971-1: An update that fixes 25 vulnerabilities is now available.
Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pcre-8.39-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP1 (src): pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP1 (src): pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src): pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src): pcre-8.39-5.1
openSUSE-SU-2016:3099-1: An update that fixes 25 vulnerabilities is now available.
Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
openSUSE Leap 42.2 (src): pcre-8.39-6.1
openSUSE Leap 42.1 (src): pcre-8.39-5.1
SUSE-SU-2016:3161-1: An update that fixes 25 vulnerabilities is now available.
Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pcre-8.39-7.1
SUSE Linux Enterprise Server for SAP 12 (src): pcre-8.39-7.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP1 (src): pcre-8.39-7.1
SUSE Linux Enterprise Server 12-LTSS (src): pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP1 (src): pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP2 (src): pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src): pcre-8.39-7.1
Looks done to me, but evaluate yourself
Done