pcre2-10.32-2.el8
エラータID: AXSA:2021-1117:01
リリース日:
2021/01/08 Friday - 08:18
題名:
pcre2-10.32-2.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PCRE の pcre2_jit_compile.c の do_extuni_no_utf には境界外読込の問題があり、
\X のパターンが JIT コンパイルされ、非 UTF モードで巧妙に細工されたサブジェクトと
照合するために使用される場合、PCRE を使って信頼できない入力をパースしている
アプリケーションで、攻撃者がアプリケーションのクラッシュを引き起こすことのできる
脆弱性があります。(CVE-2019-20454)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
追加情報:
N/A
ダウンロード:
SRPMS
- pcre2-10.32-2.el8.src.rpm
MD5: 2c74c959e39c4b8cf50914839446188d
SHA-256: fcdc96c466e5cd747c39df4eef3e51538c12b66c7f26abc3a1b05a1a7cf9fa63
Size: 1.59 MB
Asianux Server 8 for x86_64
- pcre2-10.32-2.el8.x86_64.rpm
MD5: 2000a0333b52f04fb19a516cda08cdeb
SHA-256: 94a03b896514ea8715800ba52b12db9bb3ae406b204133afc21c786ae1aa9746
Size: 245.28 kB - pcre2-devel-10.32-2.el8.x86_64.rpm
MD5: 3fdfcd5cd8ea053ee5ea01f54fca1502
SHA-256: fe5d91b2432932616dfc3ab903010c7f7d183270d397d8c446f6610939cf106e
Size: 603.64 kB - pcre2-utf16-10.32-2.el8.x86_64.rpm
MD5: c8e8b4e967a7db58067e1333b4d77b3d
SHA-256: 502618b272fa344ea2d3a894eb497ad720646ceb8ee9c7145bb245ff5472c2df
Size: 227.67 kB - pcre2-utf32-10.32-2.el8.x86_64.rpm
MD5: 19a01c9958b9196c3651e396b161fbef
SHA-256: 849137ed2a250316cdb700e89ee8a4240764bbe590ccceabad411b38f7e15eb4
Size: 219.23 kB - pcre2-10.32-2.el8.i686.rpm
MD5: e92697f09802e3707958e8ef15dd3d20
SHA-256: 540a9904b37334163f1cc3d293f77063a81177a514f7fb4b0055efff07b1f3e7
Size: 245.36 kB - pcre2-devel-10.32-2.el8.i686.rpm
MD5: 9f8b7a6d6943eae203c42b1583c26734
SHA-256: 14e716e98cbc90183f83ae37868c212384b516b244dccdd2787a87e3eb9e3ff1
Size: 603.64 kB - pcre2-utf16-10.32-2.el8.i686.rpm
MD5: 75f19fdad534209afce07739591be72b
SHA-256: ec6d6693b581685310c0f8340cdf2ccace17eb058f91eefed8e49c5f7367d5a5
Size: 228.32 kB - pcre2-utf32-10.32-2.el8.i686.rpm
MD5: 9dfb88179dfc057e039683d2aa8e9558
SHA-256: e83c04ef10c941ba9bd2cd68c27e8d9af5ebab754c8f23cd1399f59964882b26
Size: 219.86 kB