oniguruma-6.8.2-2.el8

エラータID: AXSA:2020-1068:01

Release date: 
Wednesday, December 23, 2020 - 13:20
Subject: 
oniguruma-6.8.2-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.3 Release Notes linked from the References section.

CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Solution: 

Update packages.

CVEs: 
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Additional Info: 

N/A

Download: 

SRPMS
  1. oniguruma-6.8.2-2.el8.src.rpm
    MD5: 1b83664a3c158c15b277020b4456c2a0
    SHA-256: 61ed4805a45b36aff2eb2f15372ee4e6d097ec3fb6bcd6a2ef6b89a2670d6979
    Size: 953.44 kB

Asianux Server 8 for x86_64
  1. oniguruma-6.8.2-2.el8.x86_64.rpm
    MD5: bc6c8d960333c641c1dfeec5d157d5f4
    SHA-256: 59f095c8c7c92b740db123d960ee94712875206822dbbedc22e6b29e9c09fe63
    Size: 186.23 kB
  2. oniguruma-6.8.2-2.el8.i686.rpm
    MD5: ccfea2c9c669886280e05d4442bfd7ef
    SHA-256: 78a38731f6cf68f130653e7676af1f86ff44b106caafbaf61ed9220f1327e6b2
    Size: 190.60 kB