[ALSA-2024:0889] Moderate: oniguruma security update
Type:
security
Severity:
moderate
Release date:
2024-02-22
Description:
Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 oniguruma-devel-6.8.2-2.1.el8_9.aarch64.rpm c40f03ec7113611ad9919034c5fdfb4eeebb1a60def800a7206f9c5b2e5ead1d
aarch64 oniguruma-6.8.2-2.1.el8_9.aarch64.rpm f8782ebe080cc899bca4d9128f84a26488a3a933a7176a17b09152c63bf0f8ec
i686 oniguruma-devel-6.8.2-2.1.el8_9.i686.rpm af8644714e1ad957ee17e5938a4972d07c4586ede2bcddfbad9f443750c60040
i686 oniguruma-6.8.2-2.1.el8_9.i686.rpm e2ea0dd38130c3f2e43808c2cb7ce299142917f07bdae1fbf2290589baa68935
ppc64le oniguruma-devel-6.8.2-2.1.el8_9.ppc64le.rpm a0fa563ce68e683efa45ac61bda23af4fa5d8e9f3ff435eb9a5f981eadd0f4a6
ppc64le oniguruma-6.8.2-2.1.el8_9.ppc64le.rpm b85571c65d4cc472cb84e858c90e85aab6989e09ab34430c8a9218eb03d8a591
s390x oniguruma-6.8.2-2.1.el8_9.s390x.rpm 767741fec9d655be5714e68e8a8fdf766d570cb71beadb91d8db0af00290e7b8
s390x oniguruma-devel-6.8.2-2.1.el8_9.s390x.rpm 8778661eb34018d0632063a91da81c6d50aa7fd526604f247e0d994bd3c29e69
x86_64 oniguruma-devel-6.8.2-2.1.el8_9.x86_64.rpm cf6fadc7271e5e2937820d81de94b0e4214b4e624cf53bab2d45653b4f1301e8
x86_64 oniguruma-6.8.2-2.1.el8_9.x86_64.rpm d110a8fe14e5a0aacdaa8ebf8e61b49448e4725ee1eecd4b1cba04c05b928f3d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.