SUSE: 2021:3625-1 Moderate: cURL Security Vulnerability Report

November 10, 2021
Canonical Security Update for libssl delivers crucial enhancements to strengthen protection in multiple variants impacted by potential threats.
An update that fixes 7 vulnerabilities is now available

Summary

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods

References

#1025709 #1030066 #1030803 #1030805 #1030807 #1172973 #1172974

Cross-References: CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155

CVSS scores:

CVE-2017-6004 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-6004 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-7186 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-7244 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2017-7245 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2017-7246 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2019-20838 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-20838 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2021:3652-1
Rating: moderate
