Issued:
2019-08-06
Updated:
2019-08-06

RHSA-2019:2280 - Security Advisory

Synopsis

Moderate: uriparser security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for uriparser is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Uriparser is a URI parsing library, which is written in C and strictly complies with RFC 3986.

Security Fix(es):

  • uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)
  • uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1651946 - CVE-2018-19198 uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function
  • BZ - 1651948 - CVE-2018-19199 uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function

Red Hat Enterprise Linux Server 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux Workstation 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux Desktop 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
s390x
uriparser-0.7.5-10.el7.s390.rpm SHA-256: 2ccf7fac506d049d871333dfadd05892816115d12d8d57432fc60fbfde80a4f3
uriparser-0.7.5-10.el7.s390x.rpm SHA-256: a012408a30985b22e8fe029413eb4fc2a2a67f32e4a7a7aa0d407f04d1efba8e
uriparser-debuginfo-0.7.5-10.el7.s390.rpm SHA-256: 7fe2e357a69bee50e66d8d614236a165575d643ebb4b205042ee3be3819a3251
uriparser-debuginfo-0.7.5-10.el7.s390x.rpm SHA-256: 9eef80e5022e3bdbc68cc645f10bedf0ab716991b6c53e52b818b59ef3cf6364
uriparser-devel-0.7.5-10.el7.s390.rpm SHA-256: 663519cc3a8210c99665a6c07d88b00d7079cf8fd834d9d3bf180910f5960596
uriparser-devel-0.7.5-10.el7.s390x.rpm SHA-256: acdb894cb7c88fa7f9e773209bf95992ee4751533f086ef0c9eed2ae518a5029

Red Hat Enterprise Linux for Power, big endian 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
ppc64
uriparser-0.7.5-10.el7.ppc.rpm SHA-256: 4da16a248ce03009ce6f54046c119f22c8b907822da13961104f1ac0ef3b87fc
uriparser-0.7.5-10.el7.ppc64.rpm SHA-256: ee9a875879d69c9249825e3900db6340b128a08912a515d6a91f56a4ca1ba901
uriparser-debuginfo-0.7.5-10.el7.ppc.rpm SHA-256: abd40532cf3dafc0446a101c99876334b210cfe37fce3c8408ba1bad310ab652
uriparser-debuginfo-0.7.5-10.el7.ppc64.rpm SHA-256: cad9254702c7e81b776ffd016ab69aec75b553ce0e950b3e4195891f8260c0df
uriparser-devel-0.7.5-10.el7.ppc.rpm SHA-256: 48e72160678765ea9c41012c1ded892954581a1405050dfb8105e137190d2440
uriparser-devel-0.7.5-10.el7.ppc64.rpm SHA-256: 843b1ee9993da510e9d00e224e8acad4d97730024354f9ab84246db5d718b40f

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux for Power, little endian 7

SRPM
uriparser-0.7.5-10.el7.src.rpm SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
ppc64le
uriparser-0.7.5-10.el7.ppc64le.rpm SHA-256: 3ce5c1b0497add3833b1efde7117ecb960ca75c7e401f7a642ebc0ca5e522740
uriparser-debuginfo-0.7.5-10.el7.ppc64le.rpm SHA-256: e204e7737fef0264af45d458f0f377d1e14fa8423ed4da1aba25ddbf0ef932d4
uriparser-devel-0.7.5-10.el7.ppc64le.rpm SHA-256: 218991439a284bab9737953fe9d3d082589cf8196feb5a109c77e93ea7167cb8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.