Executive Summary
Summary | |
---|---|
Title | pcre security update |
Informations | |||
---|---|---|---|
Name | RHSA-2016:1025 | First vendor Publication | 2016-05-11 |
Vendor | RedHat | Last vendor Modification | 2016-05-11 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 8.5 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for pcre is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: PCRE is a Perl-compatible regular expression library. Security Fix(es): * Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1311503 - CVE-2016-3191 pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2016-1025.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
70 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-200 | Information Exposure |
10 % | CWE-185 | Incorrect Regular Expression |
10 % | CWE-19 | Data Handling |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-09-07 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1076.nasl - Type : ACT_GATHER_INFO |
2017-05-01 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1023.nasl - Type : ACT_GATHER_INFO |
2017-03-22 | Name : A data aggregation application installed on the remote host is affected by mu... File : lce_4_8_1.nasl - Type : ACT_GATHER_INFO |
2017-03-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17331.nasl - Type : ACT_GATHER_INFO |
2016-12-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-3161-1.nasl - Type : ACT_GATHER_INFO |
2016-12-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1448.nasl - Type : ACT_GATHER_INFO |
2016-12-05 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2971-1.nasl - Type : ACT_GATHER_INFO |
2016-11-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1303.nasl - Type : ACT_GATHER_INFO |
2016-09-06 | Name : The Tenable SecurityCenter application installed on the remote host is affect... File : securitycenter_php_5_6_18.nasl - Type : ACT_GATHER_INFO |
2016-08-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-966.nasl - Type : ACT_GATHER_INFO |
2016-08-02 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL20225390.nasl - Type : ACT_GATHER_INFO |
2016-07-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-02.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-1025.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1025.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160511_pcre_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-1025.nasl - Type : ACT_GATHER_INFO |
2016-04-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2943-1.nasl - Type : ACT_GATHER_INFO |
2016-03-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7033b42def0911e5b76614dae9d210b8.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-fd1199dbe2.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-f59a8ff5d0.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-eb896290d3.nasl - Type : ACT_GATHER_INFO |
2016-02-11 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_7_0_3.nasl - Type : ACT_GATHER_INFO |
2016-02-11 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_18.nasl - Type : ACT_GATHER_INFO |
2016-02-11 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_32.nasl - Type : ACT_GATHER_INFO |
2016-02-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_85eb4e46cf1611e5840f485d605f4717.nasl - Type : ACT_GATHER_INFO |
2015-07-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2694-1.nasl - Type : ACT_GATHER_INFO |
2015-07-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8a1d0e631e0711e5b43d002590263bf5.nasl - Type : ACT_GATHER_INFO |
2015-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11019.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11027.nasl - Type : ACT_GATHER_INFO |
2015-06-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e69af2460ae211e590e4d050996490d0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-12-15 09:34:22 |
|
2016-05-14 13:29:01 |
|
2016-05-13 13:29:30 |
|
2016-05-11 17:25:19 |
|