drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PCRE
Name: |
Zwei Probleme in PCRE |
|
ID: |
USN-5425-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM, Ubuntu 21.10, Ubuntu 22.04 LTS |
|
Datum: |
Mi, 18. Mai 2022, 07:24 |
|
Referenzen: |
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.21.10.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.22.04.1 |
|
Applikationen: |
PCRE |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2983938673059347065== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------rkmDg1Y6j0I3gxjyX0Y4Z44j"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------rkmDg1Y6j0I3gxjyX0Y4Z44j Content-Type: multipart/mixed; boundary="------------5vIqoC8TtiaoYzl864UIyOqs"; protected-headers="v1" From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <e0a44773-2d75-410a-e4bb-3ad35e7387d8@canonical.com> Subject: [USN-5425-1] PCRE vulnerabilities
--------------5vIqoC8TtiaoYzl864UIyOqs Content-Type: multipart/mixed; boundary="------------phoQNZMiILlRXJ0f0x0pJAsl"
--------------phoQNZMiILlRXJ0f0x0pJAsl Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5425-1 May 17, 2022
pcre3 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in PCRE.
Software Description: - pcre3: Perl 5 Compatible Regular Expression Library
Details:
Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)
It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libpcre3 2:8.39-13ubuntu0.22.04.1
Ubuntu 21.10: libpcre3 2:8.39-13ubuntu0.21.10.1
Ubuntu 20.04 LTS: libpcre3 2:8.39-12ubuntu0.1
Ubuntu 18.04 LTS: libpcre3 2:8.39-9ubuntu0.1
Ubuntu 16.04 ESM: libpcre3 2:8.38-3.1ubuntu0.1~esm1
Ubuntu 14.04 ESM: libpcre3 1:8.31-2ubuntu2.3+esm1
After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5425-1 CVE-2019-20838, CVE-2020-14155
Package Information: https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/pcre3/2:8.39-12ubuntu0.1 https://launchpad.net/ubuntu/+source/pcre3/2:8.39-9ubuntu0.1
--------------phoQNZMiILlRXJ0f0x0pJAsl Content-Type: application/pgp-keys; name="OpenPGP_0x196D412138F33F64.asc" Content-Disposition: attachment; filename="OpenPGP_0x196D412138F33F64.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55 KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f 7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP +NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF 63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3 5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3 MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe 1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap /RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK 7/zNmhJ06VU=3D =3DJWgW -----END PGP PUBLIC KEY BLOCK-----
--------------phoQNZMiILlRXJ0f0x0pJAsl--
--------------5vIqoC8TtiaoYzl864UIyOqs--
--------------rkmDg1Y6j0I3gxjyX0Y4Z44j Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmKDwywFAwAAAAAACgkQGW1BITjzP2Qs xgv8CjyibPr2O33E1bp7c8KOzKpYjkEmPrGRSRw+QMxfpact6xJMPWpptKJfokr1QlYOxEjBfXOW pRg8dCgqYudRU0I81Nk0dW793E17DK1n760ALK8zkpblA1AvNxtuAUWFFxY7+m3ULuz9JZEMzoWC H5hViYaPJl/8ziJLISj3Aixb0mkHWHJHvrcDeBnUx+3La7M4VtqTppHGK0bEV3P3OjBBp8rQwZqo KzlsUwIwh+FTTk5wM1GGxNC547rnDL9xCZQ+IL1OXHppDSHzEFGjvDGi2tznScnEDdw2fTOuIbhm CfMUf0/8rh2mkO02RAK1L39Mc3Gg/xMB6DvZGu9JCwtnlHvrikbQeCR2V/IbzEyvhONrIb1KeYc5 odb5IuVEYCTLWb3Uh/F7lyw5V5Vm+UiXU58F48JZe4Qa56qP1DCBH4FU1PPXDLKZAmj1ohy9DzoL mtSADAInExCVWFbB2tdChb2RraJIphi9UTaMgbis/kFTJ1knH/v72m/6cxcA =835u -----END PGP SIGNATURE-----
--------------rkmDg1Y6j0I3gxjyX0Y4Z44j--
--===============2983938673059347065== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============2983938673059347065==--
|
|
|
|