drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PCRE
Name: |
Zwei Probleme in PCRE |
|
ID: |
USN-5627-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
|
Datum: |
Do, 22. September 2022, 21:52 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587 |
|
Applikationen: |
PCRE |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1471574309236037386== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Ys00OoKYSb9m0L4Jf0XuDv20"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Ys00OoKYSb9m0L4Jf0XuDv20 Content-Type: multipart/mixed; boundary="------------Wp0L1MX8k9QJke0lMISqD0gf"; protected-headers="v1" From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <e7897d5b-352e-b4d1-d4da-a73772bfa5d6@canonical.com> Subject: [USN-5627-1] PCRE vulnerabilities
--------------Wp0L1MX8k9QJke0lMISqD0gf Content-Type: multipart/mixed; boundary="------------Ti8Qtl0KYqk6tjXqwEY91YU8"
--------------Ti8Qtl0KYqk6tjXqwEY91YU8 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5627-1 September 22, 2022
pcre2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 20.04 LTS
Summary:
PCRE could be made to expose sensitive information.
Software Description: - pcre2: Perl 5 Compatible Regular Expression Library
Details:
It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libpcre2-16-0 10.39-3ubuntu0.1 libpcre2-32-0 10.39-3ubuntu0.1 libpcre2-8-0 10.39-3ubuntu0.1 libpcre2-posix3 10.39-3ubuntu0.1 pcre2-utils 10.39-3ubuntu0.1
Ubuntu 20.04 LTS: libpcre2-16-0 10.34-7ubuntu0.1 libpcre2-32-0 10.34-7ubuntu0.1 libpcre2-8-0 10.34-7ubuntu0.1 libpcre2-posix2 10.34-7ubuntu0.1 pcre2-utils 10.34-7ubuntu0.1
After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5627-1 CVE-2022-1586, CVE-2022-1587
Package Information: https://launchpad.net/ubuntu/+source/pcre2/10.39-3ubuntu0.1 https://launchpad.net/ubuntu/+source/pcre2/10.34-7ubuntu0.1
--------------Ti8Qtl0KYqk6tjXqwEY91YU8 Content-Type: application/pgp-keys; name="OpenPGP_0x196D412138F33F64.asc" Content-Disposition: attachment; filename="OpenPGP_0x196D412138F33F64.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55 KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f 7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP +NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF 63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3 5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3 MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe 1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap /RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK 7/zNmhJ06VU=3D =3DJWgW -----END PGP PUBLIC KEY BLOCK-----
--------------Ti8Qtl0KYqk6tjXqwEY91YU8--
--------------Wp0L1MX8k9QJke0lMISqD0gf--
--------------Ys00OoKYSb9m0L4Jf0XuDv20 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmMsXs0FAwAAAAAACgkQGW1BITjzP2Qk yQv9Ha5pQvxCy/mrBhu9sqjY7muhj2K2aLCyV7Bh91jMGNf7IcwhcaGpyZqrSS4fXtaXJP9PuMnZ K6VfK2GVDS/2lFHSXxwlj2bLry3snkD4d/W1kzORq6TYEJpQ6r9rQ9kB6lQv2tjq22lb2K+GsEJE vBfxaoPFAFvNil3FXGJxhZTL9LM7MtGNM+Rw2GAEQCzOZSzFfNvGOVrk3ESvrtUWRnG2BW4Hi/OT 2/bK/yPafCGFcZbsWGqbpST05Y+RoojOZXqD43vGGDx/2mY/oGhcICEqO2L/9gSGJE+H7QmTYhr8 hmWCxerU90h7UPYRg9pHH0CqIBdBwL5j4fNO1PPxKOWdl1V3VLLTzqADCxJlbBvIp99jVSIUicWv 2pID+aexxp/lOmTy3tYypmSAhvZHSUGXCiKX9B6nWwsa18Xv2gcM77tPD5kJHEZU02/axKdxqTvi OReT8xrs7QHM+ukeO86UkTo3peYU8u7kfZ8g6demJ7y9pxLxHRUowxylNaf7 =s+kD -----END PGP SIGNATURE-----
--------------Ys00OoKYSb9m0L4Jf0XuDv20--
--===============1471574309236037386== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============1471574309236037386==--
|
|
|
|