Security update for pcre

SUSE Security Update: Security update for pcre

---

Announcement ID:	SUSE-SU-2016:3161-1
Rating:	moderate
References:	#906574 #924960 #933288 #933878 #936227 #942865 #957566 #957567 #957598 #957600 #960837 #971741 #972127
Affected Products:	SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1

---

An update that fixes 25 vulnerabilities is now available.

Description:

This update for pcre to version 8.39 (bsc#972127) fixes several issues.

If you use pcre extensively please be aware that this is an update to a
new version. Please make sure that your software works with the updated
version.

This version fixes a number of vulnerabilities that affect pcre and
applications using the libary when accepting untrusted input as regular
expressions or as part thereof. Remote attackers could have caused the
application to crash, disclose information or potentially execute
arbitrary code. These security issues were fixed:

- CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote
attackers to cause a denial of service (crash) or have other unspecified
impact via a crafted regular expression, related to an assertion that
allows zero repeats (bsc#906574).
- CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960).
- CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex()
(bsc#933288)
- CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()
(bsc#933878).
- CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength()
(bsc#936227).
- bsc#942865: heap overflow in compile_regex()
- CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a //
pattern with a \01 string, which allowed remote attackers to cause a
denial of service (heap-based buffer overflow) or possibly have
unspecified other impact via a crafted regular expression, as
demonstrated by a JavaScript RegExp object encountered by Konqueror
(bsc#957566).
- CVE-2015-2327: PCRE mishandled certain patterns with internal recursive
back references, which allowed remote attackers to cause a denial of
service (segmentation fault) or possibly have unspecified other impact
via a crafted regular expression, as demonstrated by a JavaScript RegExp
object encountered by Konqueror (bsc#957567).
- bsc#957598: Various security issues
- CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598).
- CVE-2015-8382: Regular Expression Uninitialized Pointer Information
Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598).
- CVE-2015-8383: Buffer overflow caused by repeated conditional
group(bsc#957598).
- CVE-2015-8384: Buffer overflow caused by recursive back reference by
name within certain group(bsc#957598).
- CVE-2015-8385: Buffer overflow caused by forward reference by name to
certain group(bsc#957598).
- CVE-2015-8386: Buffer overflow caused by lookbehind
assertion(bsc#957598).
- CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598).
- CVE-2015-8388: Buffer overflow caused by certain patterns with an
unmatched closing parenthesis(bsc#957598).
- CVE-2015-8389: Infinite recursion in JIT compiler when processing
certain patterns(bsc#957598).
- CVE-2015-8390: Reading from uninitialized memory when processing certain
patterns(bsc#957598).
- CVE-2015-8391: Some pathological patterns causes pcre_compile() to run
for a very long time(bsc#957598).
- CVE-2015-8392: Buffer overflow caused by certain patterns with
duplicated named groups(bsc#957598).
- CVE-2015-8393: Information leak when running pcgrep -q on crafted
binary(bsc#957598).
- CVE-2015-8394: Integer overflow caused by missing check for certain
conditions(bsc#957598).
- CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598).
- CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related
patterns with certain recursion, which allowed remote attackers to cause
a denial of service (segmentation fault) or possibly have unspecified
other impact via a crafted regular expression (bsc#957600).
- CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE
mishandled certain patterns with named subgroups, which allowed remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly have unspecified other impact via a crafted regular expression
(bsc#960837).
- CVE-2016-3191: The compile_branch function in pcre_compile.c in
pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in
conjunction with nested parentheses, which allowed remote attackers to
execute arbitrary code or cause a denial of service (stack-based buffer
overflow) via a crafted regular expression (bsc#971741).

These non-security issues were fixed:
- JIT compiler improvements
- performance improvements
- The Unicode data tables have been updated to Unicode 7.0.0.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1827=1
• SUSE Linux Enterprise Workstation Extension 12-SP1:
  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1827=1
• SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1827=1
• SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1827=1
• SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2016-1827=1
• SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1827=1
• SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1827=1
• SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1827=1
• SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1827=1
• SUSE Linux Enterprise High Availability 12-SP2:
  zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1827=1
• SUSE Linux Enterprise High Availability 12-SP1:
  zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1827=1
• SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1827=1
• SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1827=1

To bring your system up-to-date, use "zypper patch".

Package List:

• SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
  • libpcrecpp0-32bit-8.39-7.1
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-32bit-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
  • libpcrecpp0-32bit-8.39-7.1
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-32bit-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • libpcreposix0-8.39-7.1
  • libpcreposix0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
  • pcre-devel-8.39-7.1
  • pcre-devel-static-8.39-7.1
  • pcre-tools-8.39-7.1
  • pcre-tools-debuginfo-8.39-7.1
• SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • libpcreposix0-8.39-7.1
  • libpcreposix0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
  • pcre-devel-8.39-7.1
  • pcre-devel-static-8.39-7.1
  • pcre-tools-8.39-7.1
  • pcre-tools-debuginfo-8.39-7.1
• SUSE Linux Enterprise Server for SAP 12 (x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Server 12-SP2 (x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
• SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
• SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
• SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
  • libpcreposix0-8.39-7.1
  • libpcreposix0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):
  • libpcreposix0-8.39-7.1
  • libpcreposix0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • libpcrecpp0-32bit-8.39-7.1
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-32bit-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1
• SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  • libpcre1-32bit-8.39-7.1
  • libpcre1-8.39-7.1
  • libpcre1-debuginfo-32bit-8.39-7.1
  • libpcre1-debuginfo-8.39-7.1
  • libpcre16-0-8.39-7.1
  • libpcre16-0-debuginfo-8.39-7.1
  • libpcrecpp0-32bit-8.39-7.1
  • libpcrecpp0-8.39-7.1
  • libpcrecpp0-debuginfo-32bit-8.39-7.1
  • libpcrecpp0-debuginfo-8.39-7.1
  • pcre-debugsource-8.39-7.1

References:

• https://www.suse.com/security/cve/CVE-2014-8964.html
• https://www.suse.com/security/cve/CVE-2015-2325.html
• https://www.suse.com/security/cve/CVE-2015-2327.html
• https://www.suse.com/security/cve/CVE-2015-2328.html
• https://www.suse.com/security/cve/CVE-2015-3210.html
• https://www.suse.com/security/cve/CVE-2015-3217.html
• https://www.suse.com/security/cve/CVE-2015-5073.html
• https://www.suse.com/security/cve/CVE-2015-8380.html
• https://www.suse.com/security/cve/CVE-2015-8381.html
• https://www.suse.com/security/cve/CVE-2015-8382.html
• https://www.suse.com/security/cve/CVE-2015-8383.html
• https://www.suse.com/security/cve/CVE-2015-8384.html
• https://www.suse.com/security/cve/CVE-2015-8385.html
• https://www.suse.com/security/cve/CVE-2015-8386.html
• https://www.suse.com/security/cve/CVE-2015-8387.html
• https://www.suse.com/security/cve/CVE-2015-8388.html
• https://www.suse.com/security/cve/CVE-2015-8389.html
• https://www.suse.com/security/cve/CVE-2015-8390.html
• https://www.suse.com/security/cve/CVE-2015-8391.html
• https://www.suse.com/security/cve/CVE-2015-8392.html
• https://www.suse.com/security/cve/CVE-2015-8393.html
• https://www.suse.com/security/cve/CVE-2015-8394.html
• https://www.suse.com/security/cve/CVE-2015-8395.html
• https://www.suse.com/security/cve/CVE-2016-1283.html
• https://www.suse.com/security/cve/CVE-2016-3191.html
• https://bugzilla.suse.com/906574
• https://bugzilla.suse.com/924960
• https://bugzilla.suse.com/933288
• https://bugzilla.suse.com/933878
• https://bugzilla.suse.com/936227
• https://bugzilla.suse.com/942865
• https://bugzilla.suse.com/957566
• https://bugzilla.suse.com/957567
• https://bugzilla.suse.com/957598
• https://bugzilla.suse.com/957600
• https://bugzilla.suse.com/960837
• https://bugzilla.suse.com/971741
• https://bugzilla.suse.com/972127