drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PCRE
| Name: |
Zwei Probleme in PCRE |
|
| ID: |
USN-5425-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM, Ubuntu 21.10, Ubuntu 22.04 LTS |
|
| Datum: |
Mi, 18. Mai 2022, 07:24 |
|
| Referenzen: |
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.21.10.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.22.04.1 |
|
| Applikationen: |
PCRE |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2983938673059347065==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------rkmDg1Y6j0I3gxjyX0Y4Z44j"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------rkmDg1Y6j0I3gxjyX0Y4Z44j
Content-Type: multipart/mixed;
boundary="------------5vIqoC8TtiaoYzl864UIyOqs";
protected-headers="v1"
From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <e0a44773-2d75-410a-e4bb-3ad35e7387d8@canonical.com>
Subject: [USN-5425-1] PCRE vulnerabilities
--------------5vIqoC8TtiaoYzl864UIyOqs
Content-Type: multipart/mixed;
boundary="------------phoQNZMiILlRXJ0f0x0pJAsl"
--------------phoQNZMiILlRXJ0f0x0pJAsl
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-5425-1
May 17, 2022
pcre3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in PCRE.
Software Description:
- pcre3: Perl 5 Compatible Regular Expression Library
Details:
Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)
It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libpcre3 2:8.39-13ubuntu0.22.04.1
Ubuntu 21.10:
libpcre3 2:8.39-13ubuntu0.21.10.1
Ubuntu 20.04 LTS:
libpcre3 2:8.39-12ubuntu0.1
Ubuntu 18.04 LTS:
libpcre3 2:8.39-9ubuntu0.1
Ubuntu 16.04 ESM:
libpcre3 2:8.38-3.1ubuntu0.1~esm1
Ubuntu 14.04 ESM:
libpcre3 1:8.31-2ubuntu2.3+esm1
After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-5425-1
CVE-2019-20838, CVE-2020-14155
Package Information:
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-13ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-12ubuntu0.1
https://launchpad.net/ubuntu/+source/pcre3/2:8.39-9ubuntu0.1
--------------phoQNZMiILlRXJ0f0x0pJAsl
Content-Type: application/pgp-keys;
name="OpenPGP_0x196D412138F33F64.asc"
Content-Disposition: attachment;
filename="OpenPGP_0x196D412138F33F64.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh
X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU
sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55
KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T
PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f
7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl
v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF
Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm
BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp
ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm
zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC
AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT
TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP
+NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl
GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL
X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU
x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC
ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J
k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj
GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T
x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs
Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF
63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz
zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3
5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3
MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe
1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg
EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK
ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh
OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP
b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj
jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap
/RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF
sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn
c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX
VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND
w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK
7/zNmhJ06VU=3D
=3DJWgW
-----END PGP PUBLIC KEY BLOCK-----
--------------phoQNZMiILlRXJ0f0x0pJAsl--
--------------5vIqoC8TtiaoYzl864UIyOqs--
--------------rkmDg1Y6j0I3gxjyX0Y4Z44j
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmKDwywFAwAAAAAACgkQGW1BITjzP2Qs
xgv8CjyibPr2O33E1bp7c8KOzKpYjkEmPrGRSRw+QMxfpact6xJMPWpptKJfokr1QlYOxEjBfXOW
pRg8dCgqYudRU0I81Nk0dW793E17DK1n760ALK8zkpblA1AvNxtuAUWFFxY7+m3ULuz9JZEMzoWC
H5hViYaPJl/8ziJLISj3Aixb0mkHWHJHvrcDeBnUx+3La7M4VtqTppHGK0bEV3P3OjBBp8rQwZqo
KzlsUwIwh+FTTk5wM1GGxNC547rnDL9xCZQ+IL1OXHppDSHzEFGjvDGi2tznScnEDdw2fTOuIbhm
CfMUf0/8rh2mkO02RAK1L39Mc3Gg/xMB6DvZGu9JCwtnlHvrikbQeCR2V/IbzEyvhONrIb1KeYc5
odb5IuVEYCTLWb3Uh/F7lyw5V5Vm+UiXU58F48JZe4Qa56qP1DCBH4FU1PPXDLKZAmj1ohy9DzoL
mtSADAInExCVWFbB2tdChb2RraJIphi9UTaMgbis/kFTJ1knH/v72m/6cxcA
=835u
-----END PGP SIGNATURE-----
--------------rkmDg1Y6j0I3gxjyX0Y4Z44j--
--===============2983938673059347065==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============2983938673059347065==--
|
|
|
|
