Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in PCRE
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in PCRE
ID: USN-5627-1
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Datum: Do, 22. September 2022, 21:52
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587
Applikationen: PCRE

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1471574309236037386==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------Ys00OoKYSb9m0L4Jf0XuDv20"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Ys00OoKYSb9m0L4Jf0XuDv20
Content-Type: multipart/mixed;
 boundary="------------Wp0L1MX8k9QJke0lMISqD0gf";
 protected-headers="v1"
From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <e7897d5b-352e-b4d1-d4da-a73772bfa5d6@canonical.com>
Subject: [USN-5627-1] PCRE vulnerabilities

--------------Wp0L1MX8k9QJke0lMISqD0gf
Content-Type: multipart/mixed;
 boundary="------------Ti8Qtl0KYqk6tjXqwEY91YU8"

--------------Ti8Qtl0KYqk6tjXqwEY91YU8
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5627-1
September 22, 2022

pcre2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

PCRE could be made to expose sensitive information.

Software Description:
- pcre2: Perl 5 Compatible Regular Expression Library

Details:

It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly
use this issue to cause applications using PCRE to expose
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   libpcre2-16-0                   10.39-3ubuntu0.1
   libpcre2-32-0                   10.39-3ubuntu0.1
   libpcre2-8-0                    10.39-3ubuntu0.1
   libpcre2-posix3                 10.39-3ubuntu0.1
   pcre2-utils                     10.39-3ubuntu0.1

Ubuntu 20.04 LTS:
   libpcre2-16-0                   10.34-7ubuntu0.1
   libpcre2-32-0                   10.34-7ubuntu0.1
   libpcre2-8-0                    10.34-7ubuntu0.1
   libpcre2-posix2                 10.34-7ubuntu0.1
   pcre2-utils                     10.34-7ubuntu0.1

After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary
changes.

References:
   https://ubuntu.com/security/notices/USN-5627-1
   CVE-2022-1586, CVE-2022-1587

Package Information:
   https://launchpad.net/ubuntu/+source/pcre2/10.39-3ubuntu0.1
   https://launchpad.net/ubuntu/+source/pcre2/10.34-7ubuntu0.1

--------------Ti8Qtl0KYqk6tjXqwEY91YU8
Content-Type: application/pgp-keys;
 name="OpenPGP_0x196D412138F33F64.asc"
Content-Disposition: attachment;
 filename="OpenPGP_0x196D412138F33F64.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh
X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU
sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55
KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T
PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f
7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl
v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF
Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm
BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp
ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm
zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC
AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT
TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP
+NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl
GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL
X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU
x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC
ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J
k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj
GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T
x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs
Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF
63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz
zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3
5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3
MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe
1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg
EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK
ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh
OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP
b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj
jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap
/RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF
sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn
c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX
VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND
w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK
7/zNmhJ06VU=3D
=3DJWgW
-----END PGP PUBLIC KEY BLOCK-----

--------------Ti8Qtl0KYqk6tjXqwEY91YU8--

--------------Wp0L1MX8k9QJke0lMISqD0gf--

--------------Ys00OoKYSb9m0L4Jf0XuDv20
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmMsXs0FAwAAAAAACgkQGW1BITjzP2Qk
yQv9Ha5pQvxCy/mrBhu9sqjY7muhj2K2aLCyV7Bh91jMGNf7IcwhcaGpyZqrSS4fXtaXJP9PuMnZ
K6VfK2GVDS/2lFHSXxwlj2bLry3snkD4d/W1kzORq6TYEJpQ6r9rQ9kB6lQv2tjq22lb2K+GsEJE
vBfxaoPFAFvNil3FXGJxhZTL9LM7MtGNM+Rw2GAEQCzOZSzFfNvGOVrk3ESvrtUWRnG2BW4Hi/OT
2/bK/yPafCGFcZbsWGqbpST05Y+RoojOZXqD43vGGDx/2mY/oGhcICEqO2L/9gSGJE+H7QmTYhr8
hmWCxerU90h7UPYRg9pHH0CqIBdBwL5j4fNO1PPxKOWdl1V3VLLTzqADCxJlbBvIp99jVSIUicWv
2pID+aexxp/lOmTy3tYypmSAhvZHSUGXCiKX9B6nWwsa18Xv2gcM77tPD5kJHEZU02/axKdxqTvi
OReT8xrs7QHM+ukeO86UkTo3peYU8u7kfZ8g6demJ7y9pxLxHRUowxylNaf7
=s+kD
-----END PGP SIGNATURE-----

--------------Ys00OoKYSb9m0L4Jf0XuDv20--


--===============1471574309236037386==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1471574309236037386==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung