Red Hat Product Errata RHSA-2020:4827 - Security Advisory

Issued:: 2020-11-03
Updated:: 2020-11-03

RHSA-2020:4827 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: oniguruma security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for oniguruma is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

Fixes

BZ - 1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c

CVEs

CVE-2019-13225

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
x86_64
oniguruma-6.8.2-2.el8.i686.rpm	SHA-256: 04453982e6c8b3a1b7d5d361da4287faacb92c24800ee17cd35ab07b3ee01c8a
oniguruma-6.8.2-2.el8.x86_64.rpm	SHA-256: 1a1c32e624ac3141a3e60075270b2a408f1b218d30bedbe83e9751cb6d16af5b
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
x86_64
oniguruma-6.8.2-2.el8.i686.rpm	SHA-256: 04453982e6c8b3a1b7d5d361da4287faacb92c24800ee17cd35ab07b3ee01c8a
oniguruma-6.8.2-2.el8.x86_64.rpm	SHA-256: 1a1c32e624ac3141a3e60075270b2a408f1b218d30bedbe83e9751cb6d16af5b
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
x86_64
oniguruma-6.8.2-2.el8.i686.rpm	SHA-256: 04453982e6c8b3a1b7d5d361da4287faacb92c24800ee17cd35ab07b3ee01c8a
oniguruma-6.8.2-2.el8.x86_64.rpm	SHA-256: 1a1c32e624ac3141a3e60075270b2a408f1b218d30bedbe83e9751cb6d16af5b
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
s390x
oniguruma-6.8.2-2.el8.s390x.rpm	SHA-256: 83067bc83498849d055da2f5773f92358f02b095690c995d038e4951946f2f80
oniguruma-debuginfo-6.8.2-2.el8.s390x.rpm	SHA-256: 328aeec751f07bd22453bb98be112f030b4ba9eac20c658aaafd3d0dd635800f
oniguruma-debugsource-6.8.2-2.el8.s390x.rpm	SHA-256: f87966fcfd5a8798f212ad6571885b061862de6b80badd05ea4378975b51b180

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
s390x
oniguruma-6.8.2-2.el8.s390x.rpm	SHA-256: 83067bc83498849d055da2f5773f92358f02b095690c995d038e4951946f2f80
oniguruma-debuginfo-6.8.2-2.el8.s390x.rpm	SHA-256: 328aeec751f07bd22453bb98be112f030b4ba9eac20c658aaafd3d0dd635800f
oniguruma-debugsource-6.8.2-2.el8.s390x.rpm	SHA-256: f87966fcfd5a8798f212ad6571885b061862de6b80badd05ea4378975b51b180

Red Hat Enterprise Linux for Power, little endian 8

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
ppc64le
oniguruma-6.8.2-2.el8.ppc64le.rpm	SHA-256: 55bbb142fb67749d0491b19cf7cec28126abb161c30cf6f72e4cc48a12902cb5
oniguruma-debuginfo-6.8.2-2.el8.ppc64le.rpm	SHA-256: d022949ad55264baa8b5b118e9c823e4b5cadaa915990136bd45a011507b3ddc
oniguruma-debugsource-6.8.2-2.el8.ppc64le.rpm	SHA-256: 5ca7c8106c594c6f31705704b66d46fd4340695d113f21a4d0e35ed64d089fef

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
ppc64le
oniguruma-6.8.2-2.el8.ppc64le.rpm	SHA-256: 55bbb142fb67749d0491b19cf7cec28126abb161c30cf6f72e4cc48a12902cb5
oniguruma-debuginfo-6.8.2-2.el8.ppc64le.rpm	SHA-256: d022949ad55264baa8b5b118e9c823e4b5cadaa915990136bd45a011507b3ddc
oniguruma-debugsource-6.8.2-2.el8.ppc64le.rpm	SHA-256: 5ca7c8106c594c6f31705704b66d46fd4340695d113f21a4d0e35ed64d089fef

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
x86_64
oniguruma-6.8.2-2.el8.i686.rpm	SHA-256: 04453982e6c8b3a1b7d5d361da4287faacb92c24800ee17cd35ab07b3ee01c8a
oniguruma-6.8.2-2.el8.x86_64.rpm	SHA-256: 1a1c32e624ac3141a3e60075270b2a408f1b218d30bedbe83e9751cb6d16af5b
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0

Red Hat Enterprise Linux for ARM 64 8

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
aarch64
oniguruma-6.8.2-2.el8.aarch64.rpm	SHA-256: a3c479a9afd17f2a92acab491af69de3b3f69850ab3f8fca5562c5f530530174
oniguruma-debuginfo-6.8.2-2.el8.aarch64.rpm	SHA-256: 324f7136dfdeae86fef3c03b4a394691111285c97dd73356479482b694f5819d
oniguruma-debugsource-6.8.2-2.el8.aarch64.rpm	SHA-256: 7ababa3e27147f1ac232c42de4fbf60e746dabf15d5983d64ac16f34c1126a56

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
x86_64
oniguruma-6.8.2-2.el8.i686.rpm	SHA-256: 04453982e6c8b3a1b7d5d361da4287faacb92c24800ee17cd35ab07b3ee01c8a
oniguruma-6.8.2-2.el8.x86_64.rpm	SHA-256: 1a1c32e624ac3141a3e60075270b2a408f1b218d30bedbe83e9751cb6d16af5b
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0
oniguruma-devel-6.8.2-2.el8.i686.rpm	SHA-256: 685c7270e63f9c41f2cc8046680b31253b146b515fd68232bd5da987028e5697
oniguruma-devel-6.8.2-2.el8.x86_64.rpm	SHA-256: d83d78e703cd05279621d8df33d3f90c8dd027d30f749ee0005442c32e56fed2

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
oniguruma-debuginfo-6.8.2-2.el8.ppc64le.rpm	SHA-256: d022949ad55264baa8b5b118e9c823e4b5cadaa915990136bd45a011507b3ddc
oniguruma-debugsource-6.8.2-2.el8.ppc64le.rpm	SHA-256: 5ca7c8106c594c6f31705704b66d46fd4340695d113f21a4d0e35ed64d089fef
oniguruma-devel-6.8.2-2.el8.ppc64le.rpm	SHA-256: ad94fcec192c5720556172088cc9ae51173970292d680309178f3a15c3439343

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
oniguruma-debuginfo-6.8.2-2.el8.aarch64.rpm	SHA-256: 324f7136dfdeae86fef3c03b4a394691111285c97dd73356479482b694f5819d
oniguruma-debugsource-6.8.2-2.el8.aarch64.rpm	SHA-256: 7ababa3e27147f1ac232c42de4fbf60e746dabf15d5983d64ac16f34c1126a56
oniguruma-devel-6.8.2-2.el8.aarch64.rpm	SHA-256: d8b8c933354f59f7a2695d2a5786d234cd47147ccceb4f84905476a6680918e8

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
oniguruma-debuginfo-6.8.2-2.el8.s390x.rpm	SHA-256: 328aeec751f07bd22453bb98be112f030b4ba9eac20c658aaafd3d0dd635800f
oniguruma-debugsource-6.8.2-2.el8.s390x.rpm	SHA-256: f87966fcfd5a8798f212ad6571885b061862de6b80badd05ea4378975b51b180
oniguruma-devel-6.8.2-2.el8.s390x.rpm	SHA-256: 7b2ade86ff238f36c47eea06a32146d8726549d662bfc33fc6e036003787671d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
aarch64
oniguruma-6.8.2-2.el8.aarch64.rpm	SHA-256: a3c479a9afd17f2a92acab491af69de3b3f69850ab3f8fca5562c5f530530174
oniguruma-debuginfo-6.8.2-2.el8.aarch64.rpm	SHA-256: 324f7136dfdeae86fef3c03b4a394691111285c97dd73356479482b694f5819d
oniguruma-debugsource-6.8.2-2.el8.aarch64.rpm	SHA-256: 7ababa3e27147f1ac232c42de4fbf60e746dabf15d5983d64ac16f34c1126a56

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
oniguruma-6.8.2-2.el8.src.rpm	SHA-256: 283414d126d60cdff214e15528584c2678310c4919ece2eddf116572ba231e0e
ppc64le
oniguruma-6.8.2-2.el8.ppc64le.rpm	SHA-256: 55bbb142fb67749d0491b19cf7cec28126abb161c30cf6f72e4cc48a12902cb5
oniguruma-debuginfo-6.8.2-2.el8.ppc64le.rpm	SHA-256: d022949ad55264baa8b5b118e9c823e4b5cadaa915990136bd45a011507b3ddc
oniguruma-debugsource-6.8.2-2.el8.ppc64le.rpm	SHA-256: 5ca7c8106c594c6f31705704b66d46fd4340695d113f21a4d0e35ed64d089fef

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4

SRPM
x86_64
oniguruma-debuginfo-6.8.2-2.el8.i686.rpm	SHA-256: c5fe09776467ce1440d26b0f5d0080a90b3a9bb2d11d21caec0bc34ce77a6f66
oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpm	SHA-256: b1b31e1912230fa22a5cde1760cb203969dedecdbd31227851831b81f42af71c
oniguruma-debugsource-6.8.2-2.el8.i686.rpm	SHA-256: 763563d009f8c195f8e9fe4174d0404f85cce896ad5ebcc14680ea7d91791bae
oniguruma-debugsource-6.8.2-2.el8.x86_64.rpm	SHA-256: a629e21ced1fb2d45b4db903893232df13d6d87bf5095be4cbfc111c9d1841e0
oniguruma-devel-6.8.2-2.el8.i686.rpm	SHA-256: 685c7270e63f9c41f2cc8046680b31253b146b515fd68232bd5da987028e5697
oniguruma-devel-6.8.2-2.el8.x86_64.rpm	SHA-256: d83d78e703cd05279621d8df33d3f90c8dd027d30f749ee0005442c32e56fed2

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4

SRPM
ppc64le
oniguruma-debuginfo-6.8.2-2.el8.ppc64le.rpm	SHA-256: d022949ad55264baa8b5b118e9c823e4b5cadaa915990136bd45a011507b3ddc
oniguruma-debugsource-6.8.2-2.el8.ppc64le.rpm	SHA-256: 5ca7c8106c594c6f31705704b66d46fd4340695d113f21a4d0e35ed64d089fef
oniguruma-devel-6.8.2-2.el8.ppc64le.rpm	SHA-256: ad94fcec192c5720556172088cc9ae51173970292d680309178f3a15c3439343

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4

SRPM
s390x
oniguruma-debuginfo-6.8.2-2.el8.s390x.rpm	SHA-256: 328aeec751f07bd22453bb98be112f030b4ba9eac20c658aaafd3d0dd635800f
oniguruma-debugsource-6.8.2-2.el8.s390x.rpm	SHA-256: f87966fcfd5a8798f212ad6571885b061862de6b80badd05ea4378975b51b180
oniguruma-devel-6.8.2-2.el8.s390x.rpm	SHA-256: 7b2ade86ff238f36c47eea06a32146d8726549d662bfc33fc6e036003787671d

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4

SRPM
aarch64
oniguruma-debuginfo-6.8.2-2.el8.aarch64.rpm	SHA-256: 324f7136dfdeae86fef3c03b4a394691111285c97dd73356479482b694f5819d
oniguruma-debugsource-6.8.2-2.el8.aarch64.rpm	SHA-256: 7ababa3e27147f1ac232c42de4fbf60e746dabf15d5983d64ac16f34c1126a56
oniguruma-devel-6.8.2-2.el8.aarch64.rpm	SHA-256: d8b8c933354f59f7a2695d2a5786d234cd47147ccceb4f84905476a6680918e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.