Issued:: 2024-01-24
Updated:: 2024-01-24

RHSA-2024:0409 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: oniguruma security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for oniguruma is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

BZ - 1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
BZ - 1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
BZ - 1802051 - CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read
BZ - 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
BZ - 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
x86_64
oniguruma-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 1f04af83b8aa47ea34f593eb71d4983510e18437423cd623a97e308f920c1ca8
oniguruma-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 47812670bb2dd164977ba7a5e6fa4e1aa72da569d4a1db5b2c0919d62ced63dc
oniguruma-debuginfo-6.8.2-2.1.el8_6.i686.rpm	SHA-256: b91a91f35ebf005d07acca1f4d46ece4421b0f85453486e0260a988a991b9838
oniguruma-debuginfo-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 514b4fb619bbf9b04900281b77ebc5d17de5046da45709615192dba797ef2608
oniguruma-debugsource-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 2a3428559f2f3b9d1f8bbd13102bc4ed6a0b05712c18e0d071b81df0d1796d81
oniguruma-debugsource-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: a1595bb86e5cdbe9db2fbc380bb5bb418fa78b6f7f647406c48e321de04b5533

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
x86_64
oniguruma-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 1f04af83b8aa47ea34f593eb71d4983510e18437423cd623a97e308f920c1ca8
oniguruma-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 47812670bb2dd164977ba7a5e6fa4e1aa72da569d4a1db5b2c0919d62ced63dc
oniguruma-debuginfo-6.8.2-2.1.el8_6.i686.rpm	SHA-256: b91a91f35ebf005d07acca1f4d46ece4421b0f85453486e0260a988a991b9838
oniguruma-debuginfo-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 514b4fb619bbf9b04900281b77ebc5d17de5046da45709615192dba797ef2608
oniguruma-debugsource-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 2a3428559f2f3b9d1f8bbd13102bc4ed6a0b05712c18e0d071b81df0d1796d81
oniguruma-debugsource-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: a1595bb86e5cdbe9db2fbc380bb5bb418fa78b6f7f647406c48e321de04b5533

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
s390x
oniguruma-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: 73be75a2b505185e8c54bf2e3fda550d1cacb09345472d8316cc0dd0124e7941
oniguruma-debuginfo-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: a04b8c4ca5f0eab76779f87107f497be7425bfc498d964ff40a27897a63a226c
oniguruma-debugsource-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: 1e3a927743361ad6793dc852d048754aab8d60dbcf0f6f6f37c9295d9f1d497b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
ppc64le
oniguruma-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: eb897555fbea68a4e9526df1d9f36b651999b4357f8970e81d8178b58e0e7b7c
oniguruma-debuginfo-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: d92a0cab394108c4833633ad2a0e6f7c74dfe86d766b2d753f108509efa710c9
oniguruma-debugsource-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: 3e2b973f095b48b3ad21ccff5b5ab9f5d46bd437e0ac77490acf21ac9ccf7d77

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
x86_64
oniguruma-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 1f04af83b8aa47ea34f593eb71d4983510e18437423cd623a97e308f920c1ca8
oniguruma-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 47812670bb2dd164977ba7a5e6fa4e1aa72da569d4a1db5b2c0919d62ced63dc
oniguruma-debuginfo-6.8.2-2.1.el8_6.i686.rpm	SHA-256: b91a91f35ebf005d07acca1f4d46ece4421b0f85453486e0260a988a991b9838
oniguruma-debuginfo-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 514b4fb619bbf9b04900281b77ebc5d17de5046da45709615192dba797ef2608
oniguruma-debugsource-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 2a3428559f2f3b9d1f8bbd13102bc4ed6a0b05712c18e0d071b81df0d1796d81
oniguruma-debugsource-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: a1595bb86e5cdbe9db2fbc380bb5bb418fa78b6f7f647406c48e321de04b5533

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
aarch64
oniguruma-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 6395fbb6b20e0c5ed233d219949f216ac5a9e72a98884383f0b441ccbc2a55fa
oniguruma-debuginfo-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 1cc44f13a27d1245a93f438ef162de1ef2da46ee6f35ded973318b6123b3e7f5
oniguruma-debugsource-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 8bf8515d9636e5a7277137413c6058b568cb436178451927767ccf03531da969

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
ppc64le
oniguruma-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: eb897555fbea68a4e9526df1d9f36b651999b4357f8970e81d8178b58e0e7b7c
oniguruma-debuginfo-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: d92a0cab394108c4833633ad2a0e6f7c74dfe86d766b2d753f108509efa710c9
oniguruma-debugsource-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: 3e2b973f095b48b3ad21ccff5b5ab9f5d46bd437e0ac77490acf21ac9ccf7d77

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
oniguruma-6.8.2-2.1.el8_6.src.rpm	SHA-256: b83853e1914943afc40c9d611b4082f73ab6bf913375a83a822ab4face05c8ae
x86_64
oniguruma-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 1f04af83b8aa47ea34f593eb71d4983510e18437423cd623a97e308f920c1ca8
oniguruma-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 47812670bb2dd164977ba7a5e6fa4e1aa72da569d4a1db5b2c0919d62ced63dc
oniguruma-debuginfo-6.8.2-2.1.el8_6.i686.rpm	SHA-256: b91a91f35ebf005d07acca1f4d46ece4421b0f85453486e0260a988a991b9838
oniguruma-debuginfo-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 514b4fb619bbf9b04900281b77ebc5d17de5046da45709615192dba797ef2608
oniguruma-debugsource-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 2a3428559f2f3b9d1f8bbd13102bc4ed6a0b05712c18e0d071b81df0d1796d81
oniguruma-debugsource-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: a1595bb86e5cdbe9db2fbc380bb5bb418fa78b6f7f647406c48e321de04b5533

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM
x86_64
oniguruma-debuginfo-6.8.2-2.1.el8_6.i686.rpm	SHA-256: b91a91f35ebf005d07acca1f4d46ece4421b0f85453486e0260a988a991b9838
oniguruma-debuginfo-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: 514b4fb619bbf9b04900281b77ebc5d17de5046da45709615192dba797ef2608
oniguruma-debugsource-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 2a3428559f2f3b9d1f8bbd13102bc4ed6a0b05712c18e0d071b81df0d1796d81
oniguruma-debugsource-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: a1595bb86e5cdbe9db2fbc380bb5bb418fa78b6f7f647406c48e321de04b5533
oniguruma-devel-6.8.2-2.1.el8_6.i686.rpm	SHA-256: 6fbee2e83e5b248daa78d1dfb770ddb0fbfad9114d73118c08e46b27210eac73
oniguruma-devel-6.8.2-2.1.el8_6.x86_64.rpm	SHA-256: de0ff768e4ce556337cc6df790c4b63f781c7882f9a0c917a0ac53d23975f4d2

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6

SRPM
ppc64le
oniguruma-debuginfo-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: d92a0cab394108c4833633ad2a0e6f7c74dfe86d766b2d753f108509efa710c9
oniguruma-debugsource-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: 3e2b973f095b48b3ad21ccff5b5ab9f5d46bd437e0ac77490acf21ac9ccf7d77
oniguruma-devel-6.8.2-2.1.el8_6.ppc64le.rpm	SHA-256: a745c8c652d59e3deff0265533abb20d11f1b682d7e949c26972a92c896834fd

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6

SRPM
s390x
oniguruma-debuginfo-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: a04b8c4ca5f0eab76779f87107f497be7425bfc498d964ff40a27897a63a226c
oniguruma-debugsource-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: 1e3a927743361ad6793dc852d048754aab8d60dbcf0f6f6f37c9295d9f1d497b
oniguruma-devel-6.8.2-2.1.el8_6.s390x.rpm	SHA-256: cb29f4c958e4ea52a081520fa5887f396a127f1075770e53ffe3d19a65239f4b

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6

SRPM
aarch64
oniguruma-debuginfo-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 1cc44f13a27d1245a93f438ef162de1ef2da46ee6f35ded973318b6123b3e7f5
oniguruma-debugsource-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 8bf8515d9636e5a7277137413c6058b568cb436178451927767ccf03531da969
oniguruma-devel-6.8.2-2.1.el8_6.aarch64.rpm	SHA-256: 385b910694d99c5f156b4fa9d58a83d0bb85388c8de96f078ff530bdc0d38073

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation