Red Hat Product Errata RHSA-2019:2280 - Security Advisory

Issued:: 2019-08-06
Updated:: 2019-08-06

RHSA-2019:2280 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: uriparser security update

Type/Severity

Security Advisory: Moderate

Topic

An update for uriparser is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Uriparser is a URI parsing library, which is written in C and strictly complies with RFC 3986.

Security Fix(es):

uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)
uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1651946 - CVE-2018-19198 uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function
BZ - 1651948 - CVE-2018-19199 uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm	SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm	SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm	SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm	SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm	SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm	SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux Workstation 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm	SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm	SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm	SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm	SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm	SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm	SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux Desktop 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm	SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm	SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm	SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm	SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm	SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm	SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
s390x
uriparser-0.7.5-10.el7.s390.rpm	SHA-256: 2ccf7fac506d049d871333dfadd05892816115d12d8d57432fc60fbfde80a4f3
uriparser-0.7.5-10.el7.s390x.rpm	SHA-256: a012408a30985b22e8fe029413eb4fc2a2a67f32e4a7a7aa0d407f04d1efba8e
uriparser-debuginfo-0.7.5-10.el7.s390.rpm	SHA-256: 7fe2e357a69bee50e66d8d614236a165575d643ebb4b205042ee3be3819a3251
uriparser-debuginfo-0.7.5-10.el7.s390x.rpm	SHA-256: 9eef80e5022e3bdbc68cc645f10bedf0ab716991b6c53e52b818b59ef3cf6364
uriparser-devel-0.7.5-10.el7.s390.rpm	SHA-256: 663519cc3a8210c99665a6c07d88b00d7079cf8fd834d9d3bf180910f5960596
uriparser-devel-0.7.5-10.el7.s390x.rpm	SHA-256: acdb894cb7c88fa7f9e773209bf95992ee4751533f086ef0c9eed2ae518a5029

Red Hat Enterprise Linux for Power, big endian 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
ppc64
uriparser-0.7.5-10.el7.ppc.rpm	SHA-256: 4da16a248ce03009ce6f54046c119f22c8b907822da13961104f1ac0ef3b87fc
uriparser-0.7.5-10.el7.ppc64.rpm	SHA-256: ee9a875879d69c9249825e3900db6340b128a08912a515d6a91f56a4ca1ba901
uriparser-debuginfo-0.7.5-10.el7.ppc.rpm	SHA-256: abd40532cf3dafc0446a101c99876334b210cfe37fce3c8408ba1bad310ab652
uriparser-debuginfo-0.7.5-10.el7.ppc64.rpm	SHA-256: cad9254702c7e81b776ffd016ab69aec75b553ce0e950b3e4195891f8260c0df
uriparser-devel-0.7.5-10.el7.ppc.rpm	SHA-256: 48e72160678765ea9c41012c1ded892954581a1405050dfb8105e137190d2440
uriparser-devel-0.7.5-10.el7.ppc64.rpm	SHA-256: 843b1ee9993da510e9d00e224e8acad4d97730024354f9ab84246db5d718b40f

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
x86_64
uriparser-0.7.5-10.el7.i686.rpm	SHA-256: 013865187bf5294656c0f7505a237f19fc772ae776ac60a3d7a4aee8159dc5a6
uriparser-0.7.5-10.el7.x86_64.rpm	SHA-256: 8a227ff420b826200500cb6e366ecaa513b56159f1ea0b024fae40fc4b746ade
uriparser-debuginfo-0.7.5-10.el7.i686.rpm	SHA-256: bdb53ac611ef4cc00a48f8885cc96202fa1c39e7eb4b5e51c1f0feb180ca4eb1
uriparser-debuginfo-0.7.5-10.el7.x86_64.rpm	SHA-256: 0b79852ee4bf13c16d8908883b17ef55321f3457081911a3ff57651665801d62
uriparser-devel-0.7.5-10.el7.i686.rpm	SHA-256: 096f4a14f60c282b3bd48e0f2d98e5a984818bd2913c2ac249c87ebeb50b485f
uriparser-devel-0.7.5-10.el7.x86_64.rpm	SHA-256: 62a764cc6f8d4b15e8ca5a616566754cb832455dc248a52b51f4bb6279ef770f

Red Hat Enterprise Linux for Power, little endian 7

SRPM
uriparser-0.7.5-10.el7.src.rpm	SHA-256: 95fcce6a19fda5dc28614dae046207b8b79812c3ddf73f7395a5ba148aa919e5
ppc64le
uriparser-0.7.5-10.el7.ppc64le.rpm	SHA-256: 3ce5c1b0497add3833b1efde7117ecb960ca75c7e401f7a642ebc0ca5e522740
uriparser-debuginfo-0.7.5-10.el7.ppc64le.rpm	SHA-256: e204e7737fef0264af45d458f0f377d1e14fa8423ed4da1aba25ddbf0ef932d4
uriparser-devel-0.7.5-10.el7.ppc64le.rpm	SHA-256: 218991439a284bab9737953fe9d3d082589cf8196feb5a109c77e93ea7167cb8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories